The /logout resource on the CAS server should destroy the TGT for that user. It should also destroy the corresponding TGC for the *cas server domain*. Apache + mod_auth_cas is an extra session for a cas client. From a user-agent point of view, this session appears to be part of the cas client domain.
Proxied CAS Client ------------------ mod_auth_cas: session determines whether user has been authenticated and exports attributes to back end webapp. webapp: Web app specific session info. vs. Integrated CAS Client --------------------- webapp: session determines whether user has been authenticated, holds attributes, and web app specific session info. In both of those scenarios, the CAS server maintains a TGT, and the user's browser maintains a matching TGC for the CAS server domain. Thanks, Carl Waldbieser ITS Systems Programmer Lafayette College ----- Original Message ----- From: "Chris Cheltenham" <cchelten...@swaintechs.com> To: "cas-user" <cas-user@lists.jasig.org> Sent: Monday, October 12, 2015 10:11:15 AM Subject: [cas-user] cas ticket expiration Hello, After a long weekend of investigation with CAS 3.5.2 I found out that the ticket destruction process, for us , does nothing. I do not understand why invoking logout destroys the CAS ticket in Catalina logs, however, the session is still alive. What is the point? We have a separate apache web front end the user is directed by mod_auth_cas. Mod_auth_cas controls the users session as the ticket created there is the same as the local users cookie session. As far as I can tell, in this scenario, the CAS ticket is meaningless. So what am I missing here? Is this the function of SLO which I believe is turned off by default? Does 4.1 do a better job with this functionality? Thank You; Chris Cheltenham cchelten...@swaintechs.com<mailto:cchelten...@swaintechs.com> SwainTechs 10 Walnut Grove Rd Suite 110 Horsham, PA 19044 888-905-5767 / X407 -- You are currently subscribed to cas-user@lists.jasig.org as: waldb...@lafayette.edu To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
