On Sat, 3 Oct 2015, Chris Cheltenham wrote:
> Andy,
> Actually I have figured out the certificate issue.
> Thanks
> I have noticed each CAS session creates two tickets.
> One is on Tomcat on the CAS server; that one gets destroyed.
> There is another on the /tmp/cas Apache server, which is a different box
> with mod_auth_cas.
> That Apache session file / ticket does not go away unless you manually
> delete it.
> However, reading the docs it appears the ticket service is working as
> advertised.
> Our client is asking for a way to delete the ticket in /tmp/cas as well.
> That is my issue ultimately.
> I thought it was because of the certificate error it could not redirect the
> logout back to the web server.
> However, fixing my cert error did not completely fix my problem.
> There must be another function to delete that session in /tmp/cas but I
> cannot figure out what it is in the docs. Maybe it is SLO,

Correct. The CAS client maintains its own session after the initial
authentication. According to the mod_auth_cas README:
* CAS single sign out is currently not functional and disabled. It
is only safe to use in the case where all requests are GET and not
POST (the module inadvertently 'eats' some content of the POST
request while determining if it should process it as a SAML logout
request).
The docs for the SLO option:
Directive: CASSSOEnabled
Default: Off
Description: If enabled, this activates support for Single Sign Out within
             the CAS protocol. Please note that this feature is currently
             experimental and may mangle POST data.
So, you might be able to use SLO with mod_auth_cas if your application
does not use POST requests. Otherwise, perhaps a different CAS client
could be used, such as the PHP or Java client.
Andy
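
What a CAS client has to do with a single sign-out POST, as an added example that is not part of the original message and is not mod_auth_cas code: it reads the form body, checks for a `logoutRequest` parameter holding a SAML LogoutRequest, and deletes the local session tied to the service ticket in `SessionIndex`. The session-file layout (SHA-256 of the ticket as the file name), the function names and the sample request are assumptions made for the illustration.

```python
import hashlib
import os
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlencode

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
MAX_BODY = 8192  # assumed cap; logout requests are small
SAMPLE_LOGOUT_XML = (  # constructed sample, not captured traffic
    '<samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'ID="LR-1" Version="2.0" IssueInstant="2015-10-03T12:00:00Z">'
    '<samlp:SessionIndex>ST-1-constructed-example</samlp:SessionIndex>'
    '</samlp:LogoutRequest>'
)

def session_path(session_dir, ticket):
    # Hypothetical layout: hash the ticket so request text never becomes a path.
    return os.path.join(session_dir, hashlib.sha256(ticket.encode()).hexdigest())

def ticket_from_logout_body(body):
    """Return the service ticket named in a CAS logoutRequest POST body, or None."""
    if len(body) > MAX_BODY:
        return None
    xml = parse_qs(body).get("logoutRequest", [None])[0]
    if xml is None or "<!DOCTYPE" in xml or "<!ENTITY" in xml:
        return None  # ordinary form POST, or XML carrying a DTD: not handled
    try:
        root = ET.fromstring(xml)
    except ET.ParseError:
        return None
    if root.tag != "{%s}LogoutRequest" % SAMLP:
        return None
    index = root.findtext("{%s}SessionIndex" % SAMLP)
    return index.strip() if index and index.strip() else None

def handle_post(session_dir, body):
    """Delete the local session for a logout request; True if one was removed."""
    ticket = ticket_from_logout_body(body)
    if ticket is None:
        return False  # not a logout: the body must reach the application intact
    try:
        os.remove(session_path(session_dir, ticket))
        return True
    except FileNotFoundError:
        return False

if __name__ == "__main__":
    print(ticket_from_logout_body(urlencode({"logoutRequest": SAMPLE_LOGOUT_XML})))
```

Every POST body has to be inspected to decide whether it is a logout request, so a client that consumes the body without passing it on breaks ordinary form submissions, which is the limitation the README describes.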