Ben,
Cas session (TGT / TGC) and your application session are independent.
Logout requests are only sent by cas when cas/logout is visited.
Your application (cas client) must be able to receive and process the logout
request.
These loggers may help:
<!-- INFO Performing logout operations for [TGT-...]
[number] logout requests were processed
DEBUG ST, principal and URL -->
<Logger name="org.apereo.cas.logout.DefaultLogoutManager" level="info">
<Filters>
<ThresholdFilter level="INFO" onMatch="ACCEPT" onMismatch="NEUTRAL" />
<RegexFilter regex="Captured logout request.*" onMismatch="DENY" />
</Filters>
</Logger>
<!-- DEBUG Logout request will be sent to but does not print anything when
login was through SAML 1.1 -->
<Logger name="org.apereo.cas.logout.DefaultSingleLogoutServiceLogoutUrlBuilder"
level="warn" />
<!-- DEBUG preparing, processing and logout with URL and ST -->
<Logger name="org.apereo.cas.logout.slo" level="warn" />
<!-- DEBUG SAML logout payload -->
<Logger name="org.apereo.cas.logout.SamlCompliantLogoutMessageCreator"
level="warn" />
Ray
P.S. default-redirect is where cas will redirect when no service is provided at
login
On Tue, 2024-11-05 at 06:55 -0800, Ben wrote:
I'm sure I'm misunderstanding it, but in my properties, I added the following
to try to resolve the issue:
cas.view.default-redirect-url= ${cas.server.name}/cas
cas.logout.follow-service-redirects=true
cas.slo.asynchronous=true
My application is built in angular 2. Shouldn't it auto log out if the TGC is
expired similar to ng-idle?
Ben Chang
On Monday, November 4, 2024 at 9:39:44 PM UTC-5 Dmitriy Kopylenko wrote:
This could be helpful
https://apereo.github.io/cas/7.0.x/installation/Logout-Single-Signout.html
D.
On Mon, Nov 4, 2024 at 14:56 Ben <zeal...@gmail.com> wrote:
I thought CAS superseded the client apps session? Is there a way to overwrite
the local session?
On Monday, November 4, 2024 at 1:38:23 PM UTC-5 Dmitriy Kopylenko wrote:
The client app could be keeping their own local session.
D.
On Mon, Nov 4, 2024 at 11:33 Ben <zeal...@gmail.com> wrote:
Hello,
I am trying to set up a service to require a specific application to log out
after x (currently set to 5 as a test) seconds. I see the logs saying its
logging out, but when I click around the website, refresh, or make user
changes, I'm still logged in and it isn't requiring me to log in.
I have the following config services. I don't think anything is interfering
with the other.
"proxyPolicy":
{
"@class":
"org.apereo.cas.services.RegexMatchingRegisteredServiceProxyPolicy",
"pattern": "^https?://.*"
},
"attributeReleasePolicy" : {
"@class": "org.apereo.cas.services.ReturnAllAttributeReleasePolicy"
},
"accessStrategy" : {
"@class" :
"org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy",
"enabled" : true
},
"ticketGrantingTicketExpirationPolicy":
{
"@class":
"org.apereo.cas.services.DefaultRegisteredServiceTicketGrantingTicketExpirationPolicy",
"maxTimeToLiveInSeconds":5
}
Any help would be appreciated.
Looking at
https://groups.google.com/a/apereo.org/g/cas-user/c/zvo3KBi46IU/m/fF-prmwDAQAJ,
I tried disabling SLO too and that didn't work.
The logs show the following indicating that I'm logged out (but not).
2024-11-04 06:58:37 2024-11-04 11:58:37,840 INFO
[org.apereo.inspektr.audit.AuditTrailManager] - <Audit trail record BEGIN
2024-11-04 06:58:37
=============================================================
2024-11-04 06:58:37 WHEN: 2024-11-04T11:58:37.840180900
2024-11-04 06:58:37 WHO: te...@example.com
2024-11-04 06:58:37 WHAT: TGT-1-****************n9NDYZKzU4-localhost
2024-11-04 06:58:37 ACTION: LOGOUT_SUCCESS
2024-11-04 06:58:37 CLIENT_IP: unknown
2024-11-04 06:58:37 SERVER_IP: unknown
2024-11-04 06:58:37
=============================================================
2024-11-04 06:58:37
2024-11-04 06:58:37 >
2024-11-04 06:58:37 2024-11-04 11:58:37,840 DEBUG
[org.apereo.cas.ticket.registry.DefaultTicketRegistryCleaner] - <Cleaning up
expired ticket [TGT-1-****************n9NDYZKzU4-localhost]>
2024-11-04 06:58:37 2024-11-04 11:58:37,840 DEBUG
[org.apereo.cas.ticket.registry.AbstractTicketRegistry] - <Removing children of
ticket [TGT-1-****************n9NDYZKzU4-localhost] from the registry.>
2024-11-04 06:58:37 2024-11-04 11:58:37,840 DEBUG
[org.apereo.cas.ticket.registry.AbstractMapBasedTicketRegistry] - <Ticket
[ST-1-****************QCJKPHUzJY-localhost] could not be found>
2024-11-04 06:58:37 2024-11-04 11:58:37,843 DEBUG
[org.apereo.cas.ticket.registry.AbstractTicketRegistry] - <Removing ticket
[TGT-1-****************n9NDYZKzU4-localhost] from the registry.>
2024-11-04 06:58:37 2024-11-04 11:58:37,844 INFO
[org.apereo.cas.ticket.registry.DefaultTicketRegistryCleaner] - <[2] expired
tickets removed.>
2024-11-04 06:59:17 2024-11-04 11:59:17,857 INFO
[org.apereo.cas.throttle.AbstractInMemoryThrottledSubmissionHandlerInterceptorAdapter]
- <Beginning audit cleanup...>
--
- Website: https://apereo.github.io/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to cas-user+u...@apereo.org.
To view this discussion visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/1ccf3963-2db1-4036-86d6-ed8ec87f9e38n%40apereo.org<https://groups.google.com/a/apereo.org/d/msgid/cas-user/1ccf3963-2db1-4036-86d6-ed8ec87f9e38n%40apereo.org?utm_medium=email&utm_source=footer>.
--
- Website: https://apereo.github.io/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to cas-user+unsubscr...@apereo.org.
To view this discussion visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/766172045a2a3c375edb45657f962b9a2ee3924d.camel%40uvic.ca.
