Re: [cas-user] CAS Logout Issue

2020-03-24 Thread Ramakrishna G
Hi Maksim,

Yes I had resolved this problem.

I had specified logoutType & logoutUrl in service file.

{
  "@class" : "org.apereo.cas.services.RegexRegisteredService",
  "serviceId" : "^(https|http)://.*",
  "name" : "testId",
  "id" : 1,
  "logoutType" : "BACK_CHANNEL",
  "logoutUrl" : "https://backchannel.abc.com/logout.php"
}

Logout.php

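 $v)
{
    // each $v is a ticket
    $ticket = $v;
    // the lookup file written at login is named ".<md5 of the ticket>"
    $filename = md5($ticket);
    $fileContent = file_get_contents("/var/cache/mod_auth_cas/.$filename");
    if ($fileContent != "")
    {
        // the lookup file's content names the session cache file
        unlink("/var/cache/mod_auth_cas/$fileContent");
        unlink("/var/cache/mod_auth_cas/.$filename");
    }
}
?>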

Basically I am forcefully deleting the cache files created by mod_auth_cas
during login. Next time any request from the browser will be invalidated as
the cookie files are deleted and automatically redirected to the login page.

Thanks & Regards
Ramakrishna G

On Tue, Mar 24, 2020 at 3:51 PM 'Maksim Kopeyka' via ram 
wrote:

> Hi Ramakrishna,
>
> Did you solve your issue? I have the same problem with SSL session which
> is alive after backchannel logout.
>
> On Wednesday, May 23, 2018 at 2:32:41 PM UTC+3, Ramakrishna G wrote:
>>
>> Ok Ray. Thanks for your help!!
>>
>> Anyone who has worked on Mod_auth_cas along with CAS server pls guide me.
>> My issue is MOD_AUTH_CAS_S cookie is not removed from browser after logout.
>>
>> Thanks
>> Ramakrishna G
>>
>> On Tue, May 22, 2018 at 9:53 PM, Ray Bon  wrote:
>>
>>> Ramakrishna,
>>>
>>> This now sounds like an issue on the client side. I have not used
>>> mod_auth_cas. Try debugging it and your client for how they handle the
>>> logout request.
>>>
>>> Ray
>>>
>>> On Tue, 2018-05-22 at 15:41 +0530, Ramakrishna G wrote:
>>>
>>> Ray,
>>>
>>> I was able to solve the ssl issue using openssl. Now I am using https
>>> at both ends with a valid certificate.
>>>
>>> But my original problem of cas not logging out still persists.
>>>
>>> On Sat, May 19, 2018 at 4:51 PM, Ramakrishna G  wrote:
>>>
>>> Ray,
>>>
>>> I configured ssl as advised by you. Now I have a different issue.
>>>
>>> When I use CASValidateURL with https url I get this Unauthorized error.
>>> If I remove https it works but logout issue still persists.
>>>
>>> Unauthorized
>>>
>>> This server could not verify that you are authorized to access the
>>> document requested. Either you supplied the wrong credentials (e.g., bad
>>> password), or your browser doesn't understand how to supply the credentials
>>> required.
>>>
>>>
>>> I am sharing my config
>>>
>>> CASCookiePath /var/cache/mod_auth_cas/
>>>
>>> CASCertificatePath  /etc/httpd/conf/casdev.crt
>>>
>>> CASLoginURL https://192.168.111.12:8443/cas/login
>>>
>>> CASRootProxiedAs https://192.168.111.12:8443
>>>
>>> CASValidateURL  https://192.168.111.12:8443/cas/serviceValidate
>>>
>>> #CASValidateURL http://192.168.111.12:/cas/serviceValidate // *Tomcat
>>> http port *
>>>
>>> CASValidateSAML Off
>>>
>>> CASSSOEnabled On
>>> 
>>>SSLProxyEngine on
>>>SSLProxyVerify none
>>>SSLProxyCheckPeerCN off
>>>SSLProxyCheckPeerName off
>>>SSLProxyCheckPeerExpire off
>>>Loglevel debug
>>> 
>>> AllowOverride
>>> AuthType CAS
>>> require valid-user
>>> CASRenew On
>>> ProxyPass http://192.168.111.10/
>>> ProxyPassReverse http://192.168.111.10/
>>> 
>>> 
>>> Require all granted
>>> ProxyPass https://192.168.111.12:9443/cas  *// Tomcat
>>> https port 9443*
>>> ProxyPassReverse https://192.168.111.12:9443/cas
>>> 
>>>
>>> 
>>>
>>>
>>> On Fri, May 18, 2018 at 8:50 PM, Ray Bon  wrote:
>>>
>>> Ramakrishna,
>>>
>>> During log out when CAS contacts your service (where mod_auth_cas is),
>>> it does so with https. You need to install the custom certificate that is
>>> on your service into the jvm running CAS.
>>>
>>> sudo keytool -import -file ${certName} -alias ${aliasName} -keystore
>>> $JAVA_HOME/jre/lib/security/cacerts
>>>
>>>
>>> https://apereo.github.io/cas/developer/Build-Process-5X.html#configure-ssl
>>>
>>> Ray
>>>
>>> On Fri, 2018-05-18 at 11:04 +0530, Ramakrishna G wrote:
>>>
>>> Ray,
>>>
>>> Let me explain you my architecture. I have a CAS client (mod_auth_cas)
>>> which redirects to NGINX Load Balancer. The nginx forwards to one of the
>>> active CAS Server. Do I need to install certificates on all CAS Server?
>>>
>>> User request to Mod_auth_cas via HTTPS but I am doing ssl stripping for
>>> internal communication from Nginx to CAS server. i.e. Plain http
>>> communication is happening from nginx to cas server.
>>>
>>>
>>> Can you pls guide me how can I achieve logout for my approach.
>>>
>>> On Thu, May 17, 2018 at 9:49 PM, Ray Bon  wrote:
>>>
>>> Ramakrishna,
>>>
>>> Add this to the log config:
>>>
>>> 
>>>
>>> The above may produce a lot of messages.
>>> It 
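
Added example (not part of the original thread and not the poster's Logout.php): a back-channel logout handler for the setup described in the 2020-03-24 message above, with input validation before anything is deleted. It assumes the cache layout the posted script relies on (a "." + md5(ticket) file holding the session file name), the standard CAS logoutRequest XML, and alphanumeric session file names; the function names and sample ticket are constructed.

```php
<?php
// Added example, not the poster's script. Assumed cache layout (from the post):
// "<dir>/.<md5(ticket)>" contains the name of the session cache file.
declare(strict_types=1);

const SAMLP_NS = 'urn:oasis:names:tc:SAML:2.0:protocol';

/** Return the service ticket (SessionIndex) from a CAS logoutRequest, or null. */
function cas_slo_ticket(string $xml): ?string
{
    if ($xml === '' || strlen($xml) > 8192) {
        return null;                       // empty or oversized body
    }
    $doc = new DOMDocument();
    $prev = libxml_use_internal_errors(true);
    // LIBXML_NONET forbids network fetches; LIBXML_NOENT is deliberately
    // not passed, so entities are never substituted.
    $ok = $doc->loadXML($xml, LIBXML_NONET);
    libxml_clear_errors();
    libxml_use_internal_errors($prev);
    if (!$ok || $doc->doctype !== null) {
        return null;                       // malformed XML or any DTD
    }
    $nodes = $doc->getElementsByTagNameNS(SAMLP_NS, 'SessionIndex');
    if ($nodes->length !== 1) {
        return null;
    }
    $ticket = trim($nodes->item(0)->textContent);
    // Assumed ticket shape: "ST-" followed by a restricted character set.
    return preg_match('/^ST-[A-Za-z0-9._-]{1,256}$/', $ticket) === 1 ? $ticket : null;
}

/** Delete the session file and its lookup file for one ticket. */
function purge_mod_auth_cas_session(string $cacheDir, string $ticket): bool
{
    $dir = rtrim($cacheDir, '/');
    $mapFile = $dir . '/.' . md5($ticket);  // md5 output is hex, safe in a path
    if (!is_file($mapFile)) {
        return false;                       // unknown or already removed
    }
    $sessionName = trim((string) file_get_contents($mapFile));
    // This value ends up in a path given to unlink(): accept a bare
    // alphanumeric file name only (assumption about session file names).
    if (preg_match('/^[A-Za-z0-9]{1,128}$/', $sessionName) !== 1) {
        return false;
    }
    $sessionFile = $dir . '/' . $sessionName;
    if (is_file($sessionFile)) {
        unlink($sessionFile);
    }
    unlink($mapFile);
    return true;
}

if (PHP_SAPI !== 'cli') {
    // Web entry point: CAS POSTs the XML in the "logoutRequest" form field.
    $raw = $_POST['logoutRequest'] ?? '';
    $ticket = is_string($raw) ? cas_slo_ticket($raw) : null;
    $done = $ticket !== null
        && purge_mod_auth_cas_session('/var/cache/mod_auth_cas', $ticket);
    http_response_code($done ? 200 : 400);
    exit;
}

// Command-line demo on constructed data in a throwaway directory.
$dir = sys_get_temp_dir() . '/slo_demo_' . bin2hex(random_bytes(4));
mkdir($dir, 0700);
$ticket = 'ST-1-constructedExampleTicket-client';   // constructed sample
$session = md5('constructed-session');               // constructed file name
file_put_contents("$dir/$session", 'session data');
file_put_contents("$dir/." . md5($ticket), $session);

$xml = '<samlp:LogoutRequest xmlns:samlp="' . SAMLP_NS . '" ID="LR-constructed" Version="2.0">'
     . '<samlp:SessionIndex>' . $ticket . '</samlp:SessionIndex>'
     . '</samlp:LogoutRequest>';

$parsed = cas_slo_ticket($xml);
echo 'parsed ticket: ', var_export($parsed, true), PHP_EOL;
echo 'purged: ', var_export(purge_mod_auth_cas_session($dir, (string) $parsed), true), PHP_EOL;
echo 'session file left: ', var_export(is_file("$dir/$session"), true), PHP_EOL;

// A lookup file whose content is a path rather than a file name is refused.
$bad = 'ST-2-constructed';
file_put_contents("$dir/." . md5($bad), '../outside');
echo 'path in lookup file purged: ',
    var_export(purge_mod_auth_cas_session($dir, $bad), true), PHP_EOL;

unlink("$dir/." . md5($bad));
rmdir($dir);
```

The endpoint has no authentication of its own, so in the web server configuration allow only the CAS server's address to reach it.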

Re: [cas-user] CAS Logout Issue

2020-03-24 Thread 'Maksim Kopeyka' via CAS Community
Hi Ramakrishna,

Did you solve your issue? I have the same problem with SSL session which is 
alive after backchannel logout.

On Wednesday, May 23, 2018 at 2:32:41 PM UTC+3, Ramakrishna G wrote:
>
> Ok Ray. Thanks for your help!!
>
> Anyone who has worked on Mod_auth_cas along with CAS server pls guide me. 
> My issue is MOD_AUTH_CAS_S cookie is not removed from browser after logout.
>
> Thanks
> Ramakrishna G
>
> On Tue, May 22, 2018 at 9:53 PM, Ray Bon wrote:
>
>> Ramakrishna,
>>
>> This now sounds like an issue on the client side. I have not used 
>> mod_auth_cas. Try debugging it and your client for how they handle the 
>> logout request.
>>
>> Ray
>>
>> On Tue, 2018-05-22 at 15:41 +0530, Ramakrishna G wrote:
>>
>> Ray, 
>>
>> I was able to solve the ssl issue using openssl. Now I am using https at
>> both ends with a valid certificate.
>>
>> But my original problem of cas not logging out still persists.
>>
>> On Sat, May 19, 2018 at 4:51 PM, Ramakrishna G wrote:
>>
>> Ray, 
>>
>> I configured ssl as advised by you. Now I have a different issue.
>>
>> When I use CASValidateURL with https url I get this Unauthorized error.
>> If I remove https it works but logout issue still persists.
>>
>> Unauthorized
>>
>> This server could not verify that you are authorized to access the 
>> document requested. Either you supplied the wrong credentials (e.g., bad 
>> password), or your browser doesn't understand how to supply the credentials 
>> required.
>>
>>
>> I am sharing my config
>>
>> CASCookiePath /var/cache/mod_auth_cas/
>>
>> CASCertificatePath  /etc/httpd/conf/casdev.crt
>>
>> CASLoginURL https://192.168.111.12:8443/cas/login
>>
>> CASRootProxiedAs https://192.168.111.12:8443
>>
>> CASValidateURL  https://192.168.111.12:8443/cas/serviceValidate
>>
>> #CASValidateURL http://192.168.111.12:/cas/serviceValidate // *Tomcat 
>> http port *
>>
>> CASValidateSAML Off
>>
>> CASSSOEnabled On
>> 
>>SSLProxyEngine on
>>SSLProxyVerify none
>>SSLProxyCheckPeerCN off
>>SSLProxyCheckPeerName off
>>SSLProxyCheckPeerExpire off
>>Loglevel debug
>> 
>> AllowOverride
>> AuthType CAS
>> require valid-user
>> CASRenew On
>> ProxyPass http://192.168.111.10/
>> ProxyPassReverse http://192.168.111.10/
>> 
>> 
>> Require all granted
>> ProxyPass https://192.168.111.12:9443/cas  *// Tomcat 
>> https port 9443*
>> ProxyPassReverse https://192.168.111.12:9443/cas
>> 
>>
>> 
>>
>>
>> On Fri, May 18, 2018 at 8:50 PM, Ray Bon wrote:
>>
>> Ramakrishna,
>>
>> During log out when CAS contacts your service (where mod_auth_cas is), it 
>> does so with https. You need to install the custom certificate that is on 
>> your service into the jvm running CAS.
>>
>> sudo keytool -import -file ${certName} -alias ${aliasName} -keystore 
>> $JAVA_HOME/jre/lib/security/cacerts
>>
>> https://apereo.github.io/cas/developer/Build-Process-5X.html#configure-ssl
>>
>> Ray
>>
>> On Fri, 2018-05-18 at 11:04 +0530, Ramakrishna G wrote:
>>
>> Ray, 
>>
>> Let me explain you my architecture. I have a CAS client (mod_auth_cas) 
>> which redirects to NGINX Load Balancer. The nginx forwards to one of the 
>> active CAS Server. Do I need to install certificates on all CAS Server?
>>
>> User request to Mod_auth_cas via HTTPS but I am doing ssl stripping for
>> internal communication from Nginx to CAS server. i.e. Plain http
>> communication is happening from nginx to cas server.
>>
>>
>> Can you pls guide me how can I achieve logout for my approach.
>>
>> On Thu, May 17, 2018 at 9:49 PM, Ray Bon wrote:
>>
>> Ramakrishna,
>>
>> Add this to the log config:
>>
>> 
>>
>> The above may produce a lot of messages.
>> It looks to be a problem with CAS contacting your client. It could be a 
>> certificate issue.
>> I guess you created a certificate since it is on a 192 ip. Did you add 
>> the certificate to the java key store? If CAS and your client are on 
>> different machines, then the certificate will need to be added to both.
>>
>> Ray
>>
>> On Thu, 2018-05-17 at 12:01 +0530, Ramakrishna G wrote:
>>
>> Hi Ray, 
>>
>> As said by you, I enabled logs and this is the output
>>
>> 2018-05-17 11:50:46,479 INFO [org.apereo.cas.logout.DefaultLogoutManager] 
>> - > [TGT-2-*eGcHG1JqHs-client]>
>> 2018-05-17 11:50:46,501 DEBUG 
>> [org.apereo.cas.logout.DefaultSingleLogoutServiceMessageHandler] - 
>> > [org.apereo.cas.authentication.principal.SimpleWebApplicationServiceImpl@432f5faa[id=
>> https://192.168.111.12:8443/,originalUrl=https://192.168.111.12:8443/,
>> *artifactId=*
>> ,principal=casuser,loggedOutAlready=false,format=XML]]...>
>> 2018-05-17 11:50:46,503 DEBUG 
>> [org.apereo.cas.logout.DefaultSingleLogoutServiceMessageHandler] - > 

Re: [cas-user] CAS Logout Issue

2018-05-23 Thread Ramakrishna G
Ok Ray. Thanks for your help!!

Anyone who has worked on Mod_auth_cas along with CAS server pls guide me.
My issue is MOD_AUTH_CAS_S cookie is not removed from browser after logout.

Thanks
Ramakrishna G

On Tue, May 22, 2018 at 9:53 PM, Ray Bon  wrote:

> Ramakrishna,
>
> This now sounds like an issue on the client side. I have not used
> mod_auth_cas. Try debugging it and your client for how they handle the
> logout request.
>
> Ray
>
> On Tue, 2018-05-22 at 15:41 +0530, Ramakrishna G wrote:
>
> Ray,
>
> I was able to solve the ssl issue using openssl. Now I am using https at
> both ends with a valid certificate.
>
> But my original problem of cas not logging out still persists.
>
> On Sat, May 19, 2018 at 4:51 PM, Ramakrishna G  wrote:
>
> Ray,
>
> I configured ssl as advised by you. Now I have a different issue.
>
> When I use CASValidateURL with https url I get this Unauthorized error. If
> I remove https it works but logout issue still persists.
>
> Unauthorized
>
> This server could not verify that you are authorized to access the
> document requested. Either you supplied the wrong credentials (e.g., bad
> password), or your browser doesn't understand how to supply the credentials
> required.
>
>
> I am sharing my config
>
> CASCookiePath /var/cache/mod_auth_cas/
>
> CASCertificatePath  /etc/httpd/conf/casdev.crt
>
> CASLoginURL https://192.168.111.12:8443/cas/login
>
> CASRootProxiedAs https://192.168.111.12:8443
>
> CASValidateURL  https://192.168.111.12:8443/cas/serviceValidate
>
> #CASValidateURL http://192.168.111.12:/cas/serviceValidate // *Tomcat
> http port *
>
> CASValidateSAML Off
>
> CASSSOEnabled On
> 
>SSLProxyEngine on
>SSLProxyVerify none
>SSLProxyCheckPeerCN off
>SSLProxyCheckPeerName off
>SSLProxyCheckPeerExpire off
>Loglevel debug
> 
> AllowOverride
> AuthType CAS
> require valid-user
> CASRenew On
> ProxyPass http://192.168.111.10/
> ProxyPassReverse http://192.168.111.10/
> 
> 
> Require all granted
> ProxyPass https://192.168.111.12:9443/cas  *// Tomcat
> https port 9443*
> ProxyPassReverse https://192.168.111.12:9443/cas
> 
>
> 
>
>
> On Fri, May 18, 2018 at 8:50 PM, Ray Bon  wrote:
>
> Ramakrishna,
>
> During log out when CAS contacts your service (where mod_auth_cas is), it
> does so with https. You need to install the custom certificate that is on
> your service into the jvm running CAS.
>
> sudo keytool -import -file ${certName} -alias ${aliasName} -keystore
> $JAVA_HOME/jre/lib/security/cacerts
>
> https://apereo.github.io/cas/developer/Build-Process-5X.html#configure-ssl
>
> Ray
>
> On Fri, 2018-05-18 at 11:04 +0530, Ramakrishna G wrote:
>
> Ray,
>
> Let me explain you my architecture. I have a CAS client (mod_auth_cas)
> which redirects to NGINX Load Balancer. The nginx forwards to one of the
> active CAS Server. Do I need to install certificates on all CAS Server?
>
> User request to Mod_auth_cas via HTTPS but I am doing ssl stripping for
> internal communication from Nginx to CAS server. i.e. Plain http
> communication is happening from nginx to cas server.
>
>
> Can you pls guide me how can I achieve logout for my approach.
>
> On Thu, May 17, 2018 at 9:49 PM, Ray Bon  wrote:
>
> Ramakrishna,
>
> Add this to the log config:
>
> 
>
> The above may produce a lot of messages.
> It looks to be a problem with CAS contacting your client. It could be a
> certificate issue.
> I guess you created a certificate since it is on a 192 ip. Did you add the
> certificate to the java key store? If CAS and your client are on different
> machines, then the certificate will need to be added to both.
>
> Ray
>
> On Thu, 2018-05-17 at 12:01 +0530, Ramakrishna G wrote:
>
> Hi Ray,
>
> As said by you, I enabled logs and this is the output
>
> 2018-05-17 11:50:46,479 INFO [org.apereo.cas.logout.DefaultLogoutManager]
> -  **eGcHG1JqHs-client]>
> 2018-05-17 11:50:46,501 DEBUG [org.apereo.cas.logout.Default
> SingleLogoutServiceMessageHandler] -  service [org.apereo.cas.authentication.principal.SimpleWebApplicatio
> nServiceImpl@432f5faa[id=https://192.168.111.12:8443/,origin
> alUrl=https://192.168.111.12:8443/,*artifactId=*,princip
> al=casuser,loggedOutAlready=false,format=XML]]...>
> 2018-05-17 11:50:46,503 DEBUG [org.apereo.cas.logout.Default
> SingleLogoutServiceMessageHandler] -  [org.apereo.cas.authentication.principal.SimpleWebApplicatio
> nServiceImpl@432f5faa[id=https://192.168.111.12:8443/,origin
> alUrl=https://192.168.111.12:8443/,artifactId=,princip
> al=casuser,loggedOutAlready=false,format=XML]] supports single logout and
> is found in the registry as [id=1001,name=HTTPS and
> IMAPS,description=This service definition authorizes all application urls
> that support HTTPS and IMAPS 

Re: [cas-user] CAS Logout Issue

2018-05-22 Thread Ray Bon
Ramakrishna,

This now sounds like an issue on the client side. I have not used mod_auth_cas. 
Try debugging it and your client for how they handle the logout request.

Ray

On Tue, 2018-05-22 at 15:41 +0530, Ramakrishna G wrote:
Ray,

I was able to solve the ssl issue using openssl. Now I am using https at both
ends with a valid certificate.

But my original problem of cas not logging out still persists.

On Sat, May 19, 2018 at 4:51 PM, Ramakrishna G wrote:
Ray,

I configured ssl as advised by you. Now I have a different issue.

When I use CASValidateURL with https url I get this Unauthorized error. If I
remove https it works but logout issue still persists.

Unauthorized

This server could not verify that you are authorized to access the document 
requested. Either you supplied the wrong credentials (e.g., bad password), or 
your browser doesn't understand how to supply the credentials required.


I am sharing my config

CASCookiePath /var/cache/mod_auth_cas/

CASCertificatePath  /etc/httpd/conf/casdev.crt

CASLoginURL https://192.168.111.12:8443/cas/login

CASRootProxiedAs https://192.168.111.12:8443

CASValidateURL  https://192.168.111.12:8443/cas/serviceValidate

#CASValidateURL http://192.168.111.12:/cas/serviceValidate // Tomcat http 
port 

CASValidateSAML Off

CASSSOEnabled On


   SSLProxyEngine on
   SSLProxyVerify none
   SSLProxyCheckPeerCN off
   SSLProxyCheckPeerName off
   SSLProxyCheckPeerExpire off
   Loglevel debug

AllowOverride
AuthType CAS
require valid-user
CASRenew On
ProxyPass http://192.168.111.10/
ProxyPassReverse http://192.168.111.10/


Require all granted
ProxyPass https://192.168.111.12:9443/cas  // Tomcat https port 
9443
ProxyPassReverse https://192.168.111.12:9443/cas





On Fri, May 18, 2018 at 8:50 PM, Ray Bon wrote:
Ramakrishna,

During log out when CAS contacts your service (where mod_auth_cas is), it does 
so with https. You need to install the custom certificate that is on your 
service into the jvm running CAS.

sudo keytool -import -file ${certName} -alias ${aliasName} -keystore 
$JAVA_HOME/jre/lib/security/cacerts

https://apereo.github.io/cas/developer/Build-Process-5X.html#configure-ssl

Ray

On Fri, 2018-05-18 at 11:04 +0530, Ramakrishna G wrote:
Ray,

Let me explain you my architecture. I have a CAS client (mod_auth_cas) which 
redirects to NGINX Load Balancer. The nginx forwards to one of the active CAS 
Server. Do I need to install certificates on all CAS Server?

User request to Mod_auth_cas via HTTPS but I am doing ssl stripping for
internal communication from Nginx to CAS server. i.e. Plain http communication
is happening from nginx to cas server.

Can you pls guide me how can I achieve logout for my approach.

On Thu, May 17, 2018 at 9:49 PM, Ray Bon wrote:
Ramakrishna,

Add this to the log config:



The above may produce a lot of messages.
It looks to be a problem with CAS contacting your client. It could be a 
certificate issue.
I guess you created a certificate since it is on a 192 ip. Did you add the 
certificate to the java key store? If CAS and your client are on different 
machines, then the certificate will need to be added to both.

Ray

On Thu, 2018-05-17 at 12:01 +0530, Ramakrishna G wrote:
Hi Ray,

As said by you, I enabled logs and this is the output

2018-05-17 11:50:46,479 INFO [org.apereo.cas.logout.DefaultLogoutManager] - 

2018-05-17 11:50:46,501 DEBUG 
[org.apereo.cas.logout.DefaultSingleLogoutServiceMessageHandler] - https://192.168.111.12:8443/,originalUrl=https://192.168.111.12:8443/,artifactId=,principal=casuser,loggedOutAlready=false,format=XML]]...>
2018-05-17 11:50:46,503 DEBUG 
[org.apereo.cas.logout.DefaultSingleLogoutServiceMessageHandler] - https://192.168.111.12:8443/,originalUrl=https://192.168.111.12:8443/,artifactId=,principal=casuser,loggedOutAlready=false,format=XML]]
 supports single logout and is found in the registry as [id=1001,name=HTTPS 
and IMAPS,description=This service definition authorizes all application urls 
that support HTTPS and IMAPS 

Re: [cas-user] CAS Logout Issue

2018-05-22 Thread Ramakrishna G
Ray,

I was able to solve the ssl issue using openssl. Now I am using https at
both ends with a valid certificate.

But my original problem of cas not logging out still persists.

On Sat, May 19, 2018 at 4:51 PM, Ramakrishna G  wrote:

> Ray,
>
> I configured ssl as advised by you. Now I have a different issue.
>
> When I use CASValidateURL with https url I get this Unauthorized error. If
> I remove https it works but logout issue still persists.
>
> Unauthorized
>
> This server could not verify that you are authorized to access the
> document requested. Either you supplied the wrong credentials (e.g., bad
> password), or your browser doesn't understand how to supply the credentials
> required.
>
>
> I am sharing my config
>
> CASCookiePath /var/cache/mod_auth_cas/
>
> CASCertificatePath  /etc/httpd/conf/casdev.crt
>
> CASLoginURL https://192.168.111.12:8443/cas/login
>
> CASRootProxiedAs https://192.168.111.12:8443
>
> CASValidateURL  https://192.168.111.12:8443/cas/serviceValidate
>
> #CASValidateURL http://192.168.111.12:/cas/serviceValidate // *Tomcat
> http port *
>
> CASValidateSAML Off
>
> CASSSOEnabled On
> 
>SSLProxyEngine on
>SSLProxyVerify none
>SSLProxyCheckPeerCN off
>SSLProxyCheckPeerName off
>SSLProxyCheckPeerExpire off
>Loglevel debug
> 
> AllowOverride
> AuthType CAS
> require valid-user
> CASRenew On
> ProxyPass http://192.168.111.10/
> ProxyPassReverse http://192.168.111.10/
> 
> 
> Require all granted
> ProxyPass https://192.168.111.12:9443/cas  *// Tomcat
> https port 9443*
> ProxyPassReverse https://192.168.111.12:9443/cas
> 
>
> 
>
>
> On Fri, May 18, 2018 at 8:50 PM, Ray Bon  wrote:
>
>> Ramakrishna,
>>
>> During log out when CAS contacts your service (where mod_auth_cas is), it
>> does so with https. You need to install the custom certificate that is on
>> your service into the jvm running CAS.
>>
>> sudo keytool -import -file ${certName} -alias ${aliasName} -keystore
>> $JAVA_HOME/jre/lib/security/cacerts
>>
>> https://apereo.github.io/cas/developer/Build-Process-5X.html#configure-ssl
>>
>> Ray
>>
>> On Fri, 2018-05-18 at 11:04 +0530, Ramakrishna G wrote:
>>
>> Ray,
>>
>> Let me explain you my architecture. I have a CAS client (mod_auth_cas)
>> which redirects to NGINX Load Balancer. The nginx forwards to one of the
>> active CAS Server. Do I need to install certificates on all CAS Server?
>>
>> User request to Mod_auth_cas via HTTPS but I am doing ssl stripping for
>> internal communication from Nginx to CAS server. i.e. Plain http
>> communication is happening from nginx to cas server.
>>
>>
>> Can you pls guide me how can I achieve logout for my approach.
>>
>> On Thu, May 17, 2018 at 9:49 PM, Ray Bon  wrote:
>>
>> Ramakrishna,
>>
>> Add this to the log config:
>>
>> 
>>
>> The above may produce a lot of messages.
>> It looks to be a problem with CAS contacting your client. It could be a
>> certificate issue.
>> I guess you created a certificate since it is on a 192 ip. Did you add
>> the certificate to the java key store? If CAS and your client are on
>> different machines, then the certificate will need to be added to both.
>>
>> Ray
>>
>> On Thu, 2018-05-17 at 12:01 +0530, Ramakrishna G wrote:
>>
>> Hi Ray,
>>
>> As said by you, I enabled logs and this is the output
>>
>> 2018-05-17 11:50:46,479 INFO [org.apereo.cas.logout.DefaultLogoutManager]
>> - > **eGcHG1JqHs-client]>
>> 2018-05-17 11:50:46,501 DEBUG [org.apereo.cas.logout.Default
>> SingleLogoutServiceMessageHandler] - > service [org.apereo.cas.authentication.principal.SimpleWebApplicatio
>> nServiceImpl@432f5faa[id=https://192.168.111.12:8443/,origin
>> alUrl=https://192.168.111.12:8443/,*artifactId=*,
>> principal=casuser,loggedOutAlready=false,format=XML]]...>
>> 2018-05-17 11:50:46,503 DEBUG [org.apereo.cas.logout.Default
>> SingleLogoutServiceMessageHandler] - > [org.apereo.cas.authentication.principal.SimpleWebApplicatio
>> nServiceImpl@432f5faa[id=https://192.168.111.12:8443/,origin
>> alUrl=https://192.168.111.12:8443/,artifactId=,
>> principal=casuser,loggedOutAlready=false,format=XML]] supports single
>> logout and is found in the registry as [id=1001,name=HTTPS and
>> IMAPS,description=This service definition authorizes all application urls
>> that support HTTPS and IMAPS protocols.,serviceId=^(https|i
>> maps)://.*,usernameAttributeProvider=org.apereo.cas.services
>> .DefaultRegisteredServiceUsernameProvider@d,theme=,
>> evaluationOrder=1,logoutType=BACK_CHANNEL,attributeRelea
>> sePolicy=org.apereo.cas.services.ReturnAllowedAttributeRelea
>> sePolicy@15646ed9[attributeFilter=,principalAttributes
>> Repository=org.apereo.cas.authentication.principal.Defau
>> ltPrincipalAttributesRepository@7923006f[],authorizedToRelea

Re: [cas-user] CAS Logout Issue

2018-05-19 Thread Ramakrishna G
 Ray,

I configured ssl as advised by you. Now I have a different issue.

When I use CASValidateURL with https url I get this Unauthorized error. If
I remove https it works but logout issue still persists.

Unauthorized

This server could not verify that you are authorized to access the document
requested. Either you supplied the wrong credentials (e.g., bad password),
or your browser doesn't understand how to supply the credentials required.


I am sharing my config

CASCookiePath /var/cache/mod_auth_cas/

CASCertificatePath  /etc/httpd/conf/casdev.crt

CASLoginURL https://192.168.111.12:8443/cas/login

CASRootProxiedAs https://192.168.111.12:8443

CASValidateURL  https://192.168.111.12:8443/cas/serviceValidate

#CASValidateURL http://192.168.111.12:/cas/serviceValidate // *Tomcat
http port *

CASValidateSAML Off

CASSSOEnabled On

   SSLProxyEngine on
   SSLProxyVerify none
   SSLProxyCheckPeerCN off
   SSLProxyCheckPeerName off
   SSLProxyCheckPeerExpire off
   Loglevel debug

AllowOverride
AuthType CAS
require valid-user
CASRenew On
ProxyPass http://192.168.111.10/
ProxyPassReverse http://192.168.111.10/


Require all granted
ProxyPass https://192.168.111.12:9443/cas  *// Tomcat https
port 9443*
ProxyPassReverse https://192.168.111.12:9443/cas





On Fri, May 18, 2018 at 8:50 PM, Ray Bon  wrote:

> Ramakrishna,
>
> During log out when CAS contacts your service (where mod_auth_cas is), it
> does so with https. You need to install the custom certificate that is on
> your service into the jvm running CAS.
>
> sudo keytool -import -file ${certName} -alias ${aliasName} -keystore
> $JAVA_HOME/jre/lib/security/cacerts
>
> https://apereo.github.io/cas/developer/Build-Process-5X.html#configure-ssl
>
> Ray
>
> On Fri, 2018-05-18 at 11:04 +0530, Ramakrishna G wrote:
>
> Ray,
>
> Let me explain you my architecture. I have a CAS client (mod_auth_cas)
> which redirects to NGINX Load Balancer. The nginx forwards to one of the
> active CAS Server. Do I need to install certificates on all CAS Server?
>
> User request to Mod_auth_cas via HTTPS but I am doing ssl stripping for
> internal communication from Nginx to CAS server. i.e. Plain http
> communication is happening from nginx to cas server.
>
>
> Can you pls guide me how can I achieve logout for my approach.
>
> On Thu, May 17, 2018 at 9:49 PM, Ray Bon  wrote:
>
> Ramakrishna,
>
> Add this to the log config:
>
> 
>
> The above may produce a lot of messages.
> It looks to be a problem with CAS contacting your client. It could be a
> certificate issue.
> I guess you created a certificate since it is on a 192 ip. Did you add the
> certificate to the java key store? If CAS and your client are on different
> machines, then the certificate will need to be added to both.
>
> Ray
>
> On Thu, 2018-05-17 at 12:01 +0530, Ramakrishna G wrote:
>
> Hi Ray,
>
> As said by you, I enabled logs and this is the output
>
> 2018-05-17 11:50:46,479 INFO [org.apereo.cas.logout.DefaultLogoutManager]
> -  **eGcHG1JqHs-client]>
> 2018-05-17 11:50:46,501 DEBUG [org.apereo.cas.logout.Default
> SingleLogoutServiceMessageHandler] -  service [org.apereo.cas.authentication.principal.SimpleWebApplicatio
> nServiceImpl@432f5faa[id=https://192.168.111.12:8443/,
> originalUrl=https://192.168.111.12:8443/,*artifactId=*
> ,principal=casuser,loggedOutAlready=false,format=XML]]...>
> 2018-05-17 11:50:46,503 DEBUG [org.apereo.cas.logout.Default
> SingleLogoutServiceMessageHandler] -  [org.apereo.cas.authentication.principal.SimpleWebApplicatio
> nServiceImpl@432f5faa[id=https://192.168.111.12:8443/,
> originalUrl=https://192.168.111.12:8443/,artifactId=
> ,principal=casuser,loggedOutAlready=false,format=XML]] supports single
> logout and is found in the registry as [id=1001,name=HTTPS and
> IMAPS,description=This service definition authorizes all application urls
> that support HTTPS and IMAPS protocols.,serviceId=^(https|i
> maps)://.*,usernameAttributeProvider=org.apereo.cas.
> services.DefaultRegisteredServiceUsernameProvider@d,theme=<
> null>,evaluationOrder=1,logoutType=BACK_CHANNEL,attribut
> eReleasePolicy=org.apereo.cas.services.ReturnAllowedAttribut
> eReleasePolicy@15646ed9[attributeFilter=,principalAttr
> ibutesRepository=org.apereo.cas.authentication.principal.D
> efaultPrincipalAttributesRepository@7923006f[],authorizedToR
> eleaseCredentialPassword=false,authorizedToReleaseAuthe
> nticationAttributes=true,authorizedToReleaseProxyGrantingTic
> ket=false,excludeDefaultAttributes=false,principalIdAttribute=,
> consentPolicy=org.apereo.cas.services.consent.DefaultRegist
> eredServiceConsentPolicy@330ae512[excludedAttributes=<
> null>,includeOnlyAttributes=,enabled=true],allowedAtt
> ributes=[]],accessStrategy=org.apereo.cas.services.Defaul
> 

Re: [cas-user] CAS Logout Issue

2018-05-19 Thread Ramakrishna G
Ray,

I configured ssl as advised by you. Now I have a different issue.

When I use CASValidateURL with https url I get this error. If I remove
https it works but logout issue still persists.

Unauthorized

This server could not verify that you are authorized to access the document
requested. Either you supplied the wrong credentials (e.g., bad password),
or your browser doesn't understand how to supply the credentials required.


I am sharing my config

CASCookiePath /var/cache/mod_auth_cas/

CASCertificatePath  /etc/httpd/conf/casdev.crt

CASLoginURL https://192.168.111.12:8443/cas/login

CASRootProxiedAs https://192.168.111.12:8443

CASValidateURL  https://192.168.111.12:8443/cas/serviceValidate

#CASValidateURL http://192.168.111.12:/cas/serviceValidate // Tomcat
http port

CASValidateSAML Off

CASSSOEnabled On

   SSLProxyEngine on
SSLProxyVerify none
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
SSLProxyCheckPeerExpire off
Loglevel debug

AllowOverride
AuthType CAS
require valid-user
# CASGateway /sbimf/css
CASRenew On
ProxyPass http://192.168.111.10/
ProxyPassReverse http://192.168.111.10/


Require all granted
ProxyPass https://192.168.111.12:9443/cas
ProxyPassReverse https://192.168.111.12:9443/cas






On Fri, May 18, 2018 at 8:50 PM, Ray Bon  wrote:

> Ramakrishna,
>
> During log out when CAS contacts your service (where mod_auth_cas is), it
> does so with https. You need to install the custom certificate that is on
> your service into the jvm running CAS.
>
> sudo keytool -import -file ${certName} -alias ${aliasName} -keystore
> $JAVA_HOME/jre/lib/security/cacerts
>
> https://apereo.github.io/cas/developer/Build-Process-5X.html#configure-ssl
>
> Ray
>
> On Fri, 2018-05-18 at 11:04 +0530, Ramakrishna G wrote:
>
> Ray,
>
> Let me explain you my architecture. I have a CAS client (mod_auth_cas)
> which redirects to NGINX Load Balancer. The nginx forwards to one of the
> active CAS Server. Do I need to install certificates on all CAS Server?
>
> User request to Mod_auth_cas via HTTPS but I am doing ssl stripping for
> internal communication from Nginx to CAS server. i.e. Plain http
> communication is happening from nginx to cas server.
>
>
> Can you pls guide me how can I achieve logout for my approach.
>
> On Thu, May 17, 2018 at 9:49 PM, Ray Bon  wrote:
>
> Ramakrishna,
>
> Add this to the log config:
>
> 
>
> The above may produce a lot of messages.
> It looks to be a problem with CAS contacting your client. It could be a
> certificate issue.
> I guess you created a certificate since it is on a 192 ip. Did you add the
> certificate to the java key store? If CAS and your client are on different
> machines, then the certificate will need to be added to both.
>
> Ray
>
> On Thu, 2018-05-17 at 12:01 +0530, Ramakrishna G wrote:
>
> Hi Ray,
>
> As said by you, I enabled logs and this is the output
>

Re: [cas-user] CAS Logout Issue

2018-05-18 Thread Ray Bon
Ramakrishna,

During log out when CAS contacts your service (where mod_auth_cas is), it does 
so with https. You need to install the custom certificate that is on your 
service into the jvm running CAS.

sudo keytool -import -file ${certName} -alias ${aliasName} \
  -keystore $JAVA_HOME/jre/lib/security/cacerts

https://apereo.github.io/cas/developer/Build-Process-5X.html#configure-ssl

Ray

On Fri, 2018-05-18 at 11:04 +0530, Ramakrishna G wrote:
Ray,

Let me explain my architecture to you. I have a CAS client (mod_auth_cas) which 
redirects to NGINX Load Balancer. The nginx forwards to one of the active CAS 
Server. Do I need to install certificates on all CAS Server?

User request to Mod_auth_cas via HTTPS but I am doing ssl stripping for 
internal communication from Nginx to CAS server. i.e. Plain http communication 
is happening from nginx to cas server.

Can you pls guide me how can I achieve logout for my approach.

On Thu, May 17, 2018 at 9:49 PM, Ray Bon wrote:
Ramakrishna,

Add this to the log config:



The above may produce a lot of messages.
It looks to be a problem with CAS contacting your client. It could be a 
certificate issue.
I guess you created a certificate since it is on a 192 ip. Did you add the 
certificate to the java key store? If CAS and your client are on different 
machines, then the certificate will need to be added to both.

Ray

On Thu, 2018-05-17 at 12:01 +0530, Ramakrishna G wrote:
Hi Ray,

As said by you, I enabled logs and this is the output


Re: [cas-user] CAS Logout Issue

2018-05-17 Thread Ramakrishna G
Ray,

Let me explain my architecture to you. I have a CAS client (mod_auth_cas)
which redirects to NGINX Load Balancer. The nginx forwards to one of the
active CAS Server. Do I need to install certificates on all CAS Server?

User request to Mod_auth_cas via HTTPS but I am doing ssl stripping for
internal communication from Nginx to CAS server. i.e. Plain http
communication is happening from nginx to cas server.


Can you pls guide me how can I achieve logout for my approach.

On Thu, May 17, 2018 at 9:49 PM, Ray Bon  wrote:

> Ramakrishna,
>
> Add this to the log config:
>
> 
>
> The above may produce a lot of messages.
> It looks to be a problem with CAS contacting your client. It could be a
> certificate issue.
> I guess you created a certificate since it is on a 192 ip. Did you add the
> certificate to the java key store? If CAS and your client are on different
> machines, then the certificate will need to be added to both.
>
> Ray
>
> On Thu, 2018-05-17 at 12:01 +0530, Ramakrishna G wrote:
>
> Hi Ray,
>
> As said by you, I enabled logs and this is the output
>

Re: [cas-user] CAS Logout Issue

2018-05-17 Thread Ray Bon
Ramakrishna,

Add this to the log config:



The above may produce a lot of messages.
It looks to be a problem with CAS contacting your client. It could be a 
certificate issue.
I guess you created a certificate since it is on a 192 ip. Did you add the 
certificate to the java key store? If CAS and your client are on different 
machines, then the certificate will need to be added to both.

Ray

On Thu, 2018-05-17 at 12:01 +0530, Ramakrishna G wrote:
Hi Ray,

As said by you, I enabled logs and this is the output


Re: [cas-user] CAS Logout Issue

2018-05-17 Thread Ramakrishna G
Hi Ray,

As said by you, I enabled logs and this is the output

2018-05-17 11:50:46,479 INFO [org.apereo.cas.logout.DefaultLogoutManager] -

2018-05-17 11:50:46,501 DEBUG
[org.apereo.cas.logout.DefaultSingleLogoutServiceMessageHandler] -
https://192.168.111.12:8443/,originalUrl=https://192.168.111.12:8443/,
*artifactId=*
,principal=casuser,loggedOutAlready=false,format=XML]]...>
2018-05-17 11:50:46,503 DEBUG
[org.apereo.cas.logout.DefaultSingleLogoutServiceMessageHandler] - https://192.168.111.12:8443/,originalUrl=https://192.168.111.12:8443/,artifactId=,principal=casuser,loggedOutAlready=false,format=XML]]
supports single logout and is found in the registry as
[id=1001,name=HTTPS and IMAPS,description=This service definition
authorizes all application urls that support HTTPS and IMAPS
protocols.,serviceId=^(https|imaps)://.*,usernameAttributeProvider=org.apereo.cas.services.DefaultRegisteredServiceUsernameProvider@d
,theme=,evaluationOrder=1,logoutType=BACK_CHANNEL,attributeReleasePolicy=org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy@15646ed9
[attributeFilter=,principalAttributesRepository=org.apereo.cas.authentication.principal.DefaultPrincipalAttributesRepository@7923006f
[],authorizedToReleaseCredentialPassword=false,authorizedToReleaseAuthenticationAttributes=true,authorizedToReleaseProxyGrantingTicket=false,excludeDefaultAttributes=false,principalIdAttribute=,consentPolicy=org.apereo.cas.services.consent.DefaultRegisteredServiceConsentPolicy@330ae512
[excludedAttributes=,includeOnlyAttributes=,enabled=true],allowedAttributes=[]],accessStrategy=org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy@5bc47191
[enabled=true,ssoEnabled=true,requireAllAttributes=true,requiredAttributes={},unauthorizedRedirectUrl=,caseInsensitive=false,rejectedAttributes={}],publicKey=,proxyPolicy=org.apereo.cas.services.RefuseRegisteredServiceProxyPolicy@2cd156ce
,logo=,logoutUrl=,requiredHandlers=[],properties={},multifactorPolicy=org.apereo.cas.services.DefaultRegisteredServiceMultifactorPolicy@6dc092b8
[multifactorAuthenticationProviders=[],failureMode=NOT_SET,principalAttributeNameTrigger=,principalAttributeValueToMatch=,bypassEnabled=false],informationUrl=,privacyUrl=,contacts=[],expirationPolicy=org.apereo.cas.services.DefaultRegisteredServiceExpirationPolicy@687fb318[deleteWhenExpired=false,notifyWhenDeleted=false,expirationDate=],].
Proceeding...>
2018-05-17 11:50:46,514 DEBUG
[org.apereo.cas.logout.DefaultSingleLogoutServiceMessageHandler] -
https://192.168.111.12:8443/] for service
[org.apereo.cas.authentication.principal.SimpleWebApplicationServiceImpl@432f5faa
[id=
https://192.168.111.12:8443/,originalUrl=https://192.168.111.12:8443/,artifactId=
,principal=casuser,loggedOutAlready=false,format=XML]]>
2018-05-17 11:50:46,515 DEBUG
[org.apereo.cas.logout.DefaultSingleLogoutServiceMessageHandler] -
https://192.168.111.12:8443/,originalUrl=https://192.168.111.12:8443/,artifactId=,principal=casuser,loggedOutAlready=false,format=XML]]
and ticket id [ST-3-Ca79ror-smWCKyQzaBNn0ZYt6l0-client]>
2018-05-17 11:50:46,517 DEBUG
[org.apereo.cas.logout.DefaultSingleLogoutServiceMessageHandler] - https://192.168.111.12:8443/,originalUrl=https://192.168.111.12:8443/,artifactId=,principal=casuser,loggedOutAlready=false,format=XML],status=NOT_ATTEMPTED]]
created for
[org.apereo.cas.authentication.principal.SimpleWebApplicationServiceImpl@432f5faa
[id=
https://192.168.111.12:8443/,originalUrl=https://192.168.111.12:8443/,artifactId=,principal=casuser,loggedOutAlready=false,format=XML]]
and ticket id [ST-3-Ca79ror-smWCKyQzaBNn0ZYt6l0-client]>
2018-05-17 11:50:46,518 DEBUG
[org.apereo.cas.logout.DefaultSingleLogoutServiceMessageHandler] - https://192.168.111.12:8443/,originalUrl=https://192.168.111.12:8443/,artifactId=,principal=casuser,loggedOutAlready=false,format=XML]]
is [BACK_CHANNEL]>
2018-05-17 11:50:46,519 DEBUG
[org.apereo.cas.logout.DefaultSingleLogoutServiceMessageHandler] -
https://192.168.111.12:8443/,originalUrl=https://192.168.111.12:8443/,artifactId=
,principal=casuser,loggedOutAlready=false,format=XML],status=NOT_ATTEMPTED]]>
2018-05-17 11:50:46,522 DEBUG
[org.apereo.cas.logout.SamlCompliantLogoutMessageCreator] - @NOT_USED@
ST-3-Ca79ror-smWCKyQzaBNn0ZYt6l0-client]>
2018-05-17 11:50:46,522 DEBUG
[org.apereo.cas.logout.DefaultSingleLogoutServiceMessageHandler] -
https://192.168.111.12:8443/] to [
https://192.168.111.12:8443/]>
2018-05-17 11:50:46,547 DEBUG
[org.apereo.cas.logout.DefaultSingleLogoutServiceMessageHandler] -
https://192.168.111.12:8443/,message=@NOT_USED@ST-3-Ca79ror-smWCKyQzaBNn0ZYt6l0-client,asynchronous=false,contentType=application/x-www-form-urlencoded,responseCode=0]].
Sending...>
2018-05-17 11:50:46,659 WARN
[org.apereo.cas.logout.DefaultSingleLogoutServiceMessageHandler] -* https://192.168.111.12:8443/
]; Continuing processing...>*
2018-05-17 11:50:46,661 INFO [org.apereo.cas.logout.DefaultLogoutManager] -
<[1] logout requests were 

Re: [cas-user] CAS Logout Issue

2018-05-15 Thread Ray Bon
Ramakrishna,

If the TGT is destroyed, then that SSO session is also destroyed even if the 
TGC is not (why TGC is not removed is odd).
If you are still logged in to the client application, your client may not be 
part of single log out (SLO). It is up to the client to manage its own session.
When you say 'valid ticket', do you mean a new service ticket?

You can try these log4j2 options to see what is happening during the logout 
process:


















Ray

On Tue, 2018-05-15 at 15:58 +0530, Ramakrishna G wrote:
On Clicking logout which calls the cas/logout link :

WHO: casuser
WHAT: 
TGT-1-*CPmWzMzi-I-client
ACTION: TICKET_GRANTING_TICKET_DESTROYED
APPLICATION: CAS
WHEN: Tue May 15 15:45:17 IST 2018
CLIENT IP ADDRESS: 192.168.111.12
SERVER IP ADDRESS: 192.168.111.12
=



But I can see that in the browser, the TGC cookie still resides, which forces 
me to delete the cookies or close the browser for a fresh login. Is there any 
way to avoid this?

On Sat, May 12, 2018 at 1:45 PM, Ramakrishna G wrote:
Yes it is redirected to logout page, yet cookies are not removed. When I refresh 
it redirects to application with valid ticket instead of redirecting to login 
page.


On Fri, May 11, 2018 at 8:39 PM, Ray Bon wrote:
Ramakrishna,

If the browser is redirected to /cas/logout, the cookies will/should be removed.

Ray

On Fri, 2018-05-11 at 19:30 +0530, Ramakrishna G wrote:
Hello Team,

On logout CAS cookies are not removed from browser. I need to forcefully clear. 
What might be the reason?

Thanks
Ramakrishna G

--
Ray Bon
Programmer analyst
Development Services, University Systems
2507218831 | CLE 019 | r...@uvic.ca

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/1526051367.1797.41.camel%40uvic.ca.





--
Ray Bon
Programmer analyst
Development Services, University Systems
2507218831 | CLE 019 | r...@uvic.ca
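
The back-channel request in this thread's debug log is a form-encoded POST naming the service ticket, and ending the local session for that ticket is the client's job. A Python sketch of that client-side step, added here and not code from the thread, CAS or mod_auth_cas: the `logoutRequest` field and `samlp:SessionIndex` element follow the CAS protocol's logout message, while `SessionStore`, the ticket pattern and the sample ticket are assumptions made for the example.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlencode

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
MAX_BODY = 8192
# Assumed ticket shape for this example: "ST-" plus URL-safe characters only,
# so the value is safe to use as a cache key or to hash into a file name.
TICKET_RE = re.compile(r"ST-[A-Za-z0-9._-]{1,253}")

# Constructed sample, not captured traffic.
SAMPLE_TICKET = "ST-1-ExampleTicketValue0000-client"
SAMPLE_XML = (
    f'<samlp:LogoutRequest xmlns:samlp="{SAMLP}" ID="LR-1-example" '
    'Version="2.0" IssueInstant="2018-05-17T11:50:46Z">'
    f'<saml:NameID xmlns:saml="{SAML}">@NOT_USED@</saml:NameID>'
    f"<samlp:SessionIndex>{SAMPLE_TICKET}</samlp:SessionIndex>"
    "</samlp:LogoutRequest>"
)


class LogoutRequestError(ValueError):
    """The POST body is not a logout request this client will act on."""


def encode_form(xml_text: str) -> bytes:
    """Build the form-encoded body that carries the logout message."""
    return urlencode({"logoutRequest": xml_text}).encode("ascii")


def extract_service_ticket(body: bytes) -> str:
    """Return the service ticket named in a back-channel logout POST body."""
    if len(body) > MAX_BODY:
        raise LogoutRequestError("body too large")
    try:
        fields = parse_qs(body.decode("utf-8"), strict_parsing=True)
    except ValueError as exc:  # covers bad UTF-8 and malformed form data
        raise LogoutRequestError("malformed form body") from exc
    values = fields.get("logoutRequest", [])
    if len(values) != 1:
        raise LogoutRequestError("expected exactly one logoutRequest field")
    xml_text = values[0]
    # The message never needs a DTD; refusing one rules out entity expansion.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise LogoutRequestError("DTD not allowed")
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        raise LogoutRequestError("malformed XML") from exc
    if root.tag != f"{{{SAMLP}}}LogoutRequest":
        raise LogoutRequestError("not a samlp:LogoutRequest")
    found = root.findall(f"{{{SAMLP}}}SessionIndex")
    if len(found) != 1:
        raise LogoutRequestError("expected exactly one SessionIndex")
    ticket = (found[0].text or "").strip()
    if not TICKET_RE.fullmatch(ticket):
        raise LogoutRequestError("unexpected ticket format")
    return ticket


class SessionStore:
    """In-memory stand-in for the client's session cache (hypothetical)."""

    def __init__(self):
        self._cookie_by_ticket = {}
        self._user_by_cookie = {}

    def login(self, ticket: str, cookie: str, user: str) -> None:
        # Record the ticket at login so a later logout can find the session.
        self._cookie_by_ticket[ticket] = cookie
        self._user_by_cookie[cookie] = user

    def is_active(self, cookie: str) -> bool:
        return cookie in self._user_by_cookie

    def end_session_for(self, ticket: str) -> bool:
        cookie = self._cookie_by_ticket.pop(ticket, None)
        if cookie is None:
            return False
        self._user_by_cookie.pop(cookie, None)
        return True


def handle_back_channel_logout(store: SessionStore, body: bytes) -> bool:
    """End the local session named by the request; True if one was ended."""
    try:
        ticket = extract_service_ticket(body)
    except LogoutRequestError:
        return False
    return store.end_session_for(ticket)
```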



Re: [cas-user] CAS Logout Issue

2018-05-15 Thread Ramakrishna G
 On Clicking logout which calls the cas/logout link :

WHO: casuser
WHAT:
TGT-1-*CPmWzMzi-I-client
ACTION: TICKET_GRANTING_TICKET_DESTROYED
APPLICATION: CAS
WHEN: Tue May 15 15:45:17 IST 2018
CLIENT IP ADDRESS: 192.168.111.12
SERVER IP ADDRESS: 192.168.111.12
=



But I can see that in the browser, the TGC cookie still resides, which
forces me to delete the cookies or close the browser for a fresh login. Is
there any way to avoid this?

On Sat, May 12, 2018 at 1:45 PM, Ramakrishna G  wrote:

> Yes it is redirected to logout page, yet cookies are not removed. When I
> refresh it redirects to application with valid ticket instead of
> redirecting to login page.
>
>
> On Fri, May 11, 2018 at 8:39 PM, Ray Bon  wrote:
>
>> Ramakrishna,
>>
>> If the browser is redirected to /cas/logout, the cookies will/should be
>> removed.
>>
>> Ray
>>
>> On Fri, 2018-05-11 at 19:30 +0530, Ramakrishna G wrote:
>>
>> Hello Team,
>>
>> On logout CAS cookies are not removed from browser. I need to forcefully
>> clear. What might be the reason?
>>
>> Thanks
>> Ramakrishna G
>>
>> --
>> Ray Bon
>> Programmer analyst
>> Development Services, University Systems
>> 2507218831 | CLE 019 | r...@uvic.ca
>>
>>
>
>



Re: [cas-user] CAS Logout Issue

2018-05-12 Thread Ramakrishna G
Yes it is redirected to logout page, yet cookies are not removed. When I
refresh it redirects to application with valid ticket instead of
redirecting to login page.


On Fri, May 11, 2018 at 8:39 PM, Ray Bon  wrote:

> Ramakrishna,
>
> If the browser is redirected to /cas/logout, the cookies will/should be
> removed.
>
> Ray
>
> On Fri, 2018-05-11 at 19:30 +0530, Ramakrishna G wrote:
>
> Hello Team,
>
> On logout CAS cookies are not removed from browser. I need to forcefully
> clear. What might be the reason?
>
> Thanks
> Ramakrishna G
>
> --
> Ray Bon
> Programmer analyst
> Development Services, University Systems
> 2507218831 | CLE 019 | r...@uvic.ca
>
>



Re: [cas-user] CAS Logout Issue

2018-05-11 Thread Ray Bon
Ramakrishna,

If the browser is redirected to /cas/logout, the cookies will/should be removed.

Ray

On Fri, 2018-05-11 at 19:30 +0530, Ramakrishna G wrote:
Hello Team,

On logout CAS cookies are not removed from browser. I need to forcefully clear. 
What might be the reason?

Thanks
Ramakrishna G

--
Ray Bon
Programmer analyst
Development Services, University Systems
2507218831 | CLE 019 | r...@uvic.ca
