Hi, By looking at the README file in the mod_auth_cas, I noticed the following statement : "CAS single sign out is currently not functional and disabled. It is only safe to use in the case where all requests are GET and not POST (the module inadvertently 'eats' some content of the POST request while determining if it should process it as a SAML logout request)."
Would reverting back to the last version without this notice (1.06, I think) be a viable option ? Do you know is there are any plan to fix the problem in the near future ? Does anyone have a test scenario to reproduce the problem (for example a curl request with the needed parameters) or a clearer idea of what is happening ? I might be able to get some funding and time to fix this problem. We currently use a customized version of Apache2::AuthCas ( http://search.cpan.org/~jhitt/Apache2-AuthCAS/), but this version does not seem to have any code to handle the SAML request correctly. Is there any other Apache http server client supporting single sign out that we could use ? Regards, Luke -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
