CAS 3.2.1 Single sign out issue

April 1, 2009

On further investigation, it is confirmed that the request going to the client was for single sign out only. The details of the request being sent are as follows:


<samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
                     ID="LR-1-Y4MK9W3dg1W2z35Ov5SywlWheLGkKR0H7Ij" Version="2.0"
                     IssueInstant="2008-12-30T13:49:33Z">
    <saml:NameID xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
        @NOT_USED@
    </saml:NameID>
    <samlp:SessionIndex>ST-1-f3IMYWclRjBzxu2HQ09J-cas</samlp:SessionIndex>
</samlp:LogoutRequest>

However, even if enabled, this functionality would not be useful now, since the client jar is Yale CAS Client version 2.1.1, which does not support Single Sign Out.
[In future, if we need to use the single sign out feature, we would need to upgrade to the Ja-Sig CAS Client, and we can enable the SSOut feature in CAS Server as well.]
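
As an added illustration (not code from the original post or from any CAS client), this Python sketch shows what a client that does support single sign out has to do with the request above: parse it defensively, read the service ticket from SessionIndex, and end the local session created with that ticket. The SessionRegistry class, the function names and the sample values are hypothetical, and the ticket-to-session mapping is an assumption about how such a client works.

```python
import xml.etree.ElementTree as ET

SAMLP_NS = "urn:oasis:names:tc:SAML:2.0:protocol"

# Constructed sample in the shape of the request shown above (placeholder IDs).
SAMPLE_LOGOUT_REQUEST = """<samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    ID="LR-1-EXAMPLE" Version="2.0" IssueInstant="2008-12-30T13:49:33Z">
  <saml:NameID xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">@NOT_USED@</saml:NameID>
  <samlp:SessionIndex>ST-1-EXAMPLE-cas</samlp:SessionIndex>
</samlp:LogoutRequest>"""


def extract_session_index(xml_text, max_len=4096):
    """Return the service ticket from <samlp:SessionIndex>, or None if unusable."""
    # The POST body is untrusted input: cap its size and refuse any DTD,
    # which a genuine LogoutRequest never carries (blocks entity tricks).
    if len(xml_text) > max_len or "<!DOCTYPE" in xml_text.upper():
        return None
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError:
        return None
    if root.tag != "{%s}LogoutRequest" % SAMLP_NS:
        return None
    node = root.find("{%s}SessionIndex" % SAMLP_NS)
    ticket = (node.text or "").strip() if node is not None else ""
    return ticket or None


class SessionRegistry:
    """Hypothetical in-memory map from service ticket to local session id."""

    def __init__(self):
        self._by_ticket = {}

    def record_login(self, service_ticket, session_id):
        # Called once the service ticket has been validated at login time.
        self._by_ticket[service_ticket] = session_id

    def handle_logout_request(self, xml_text):
        """Return the session id that was ended, or None if nothing matched."""
        ticket = extract_session_index(xml_text)
        return self._by_ticket.pop(ticket, None) if ticket else None


if __name__ == "__main__":
    registry = SessionRegistry()
    registry.record_login("ST-1-EXAMPLE-cas", "local-session-A")
    print(registry.handle_logout_request(SAMPLE_LOGOUT_REQUEST))
```

The request carries no signature, so the ticket lookup is the only thing tying it to a session; restricting which hosts may POST to the logout endpoint is a sensible extra control.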

The single sign out feature is configurable. The posts below confirm my understanding:
http://www.nabble.com/Logout-issues-td18928566.html
http://www.nabble.com/How-do-I-turn-off-single-sign-out-in-CAS3.2%2B-td18765177.html

To configure CAS Server not to generate the HTTP request for SSOut, we need to set the boolean property for disabling single sign out in the file:
/WEB-INF/spring-configuration/argumentExtractorsConfiguration.xml

<bean
    id="casArgumentExtractor"
    class="org.jasig.cas.web.support.CasArgumentExtractor">
    <property name="disableSingleSignOut" value="true" />
</bean>

After doing the above, no request is sent to the client; only the cleanup of the cookie and service ticket is performed on the server side.

CAS Server needs to be customized to have a configurable URL for sending the logout request to the client, since the serviceUrl which it receives is not reachable inside the architecture.
