Hi Ray, As said by you, I enabled logs and this is the output
2018-05-17 11:50:46,479 INFO [org.apereo.cas.logout.DefaultLogoutManager] - <Performing logout operations for [TGT-2-*********************************************************eGcHG1JqHs-client]> 2018-05-17 11:50:46,501 DEBUG [org.apereo.cas.logout.DefaultSingleLogoutServiceMessageHandler] - <Processing logout request for service [org.apereo.cas.authentication.principal.SimpleWebApplicationServiceImpl@432f5faa [id=https://192.168.111.12:8443/,originalUrl=https://192.168.111.12:8443/, *artifactId=<null>* ,principal=casuser,loggedOutAlready=false,format=XML]]...> 2018-05-17 11:50:46,503 DEBUG [org.apereo.cas.logout.DefaultSingleLogoutServiceMessageHandler] - <Service [org.apereo.cas.authentication.principal.SimpleWebApplicationServiceImpl@432f5faa [id= https://192.168.111.12:8443/,originalUrl=https://192.168.111.12:8443/,artifactId=<null>,principal=casuser,loggedOutAlready=false,format=XML]] supports single logout and is found in the registry as [id=10000001,name=HTTPS and IMAPS,description=This service definition authorizes all application urls that support HTTPS and IMAPS protocols.,serviceId=^(https|imaps)://.*,usernameAttributeProvider=org.apereo.cas.services.DefaultRegisteredServiceUsernameProvider@d ,theme=<null>,evaluationOrder=10000,logoutType=BACK_CHANNEL,attributeReleasePolicy=org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy@15646ed9 [attributeFilter=<null>,principalAttributesRepository=org.apereo.cas.authentication.principal.DefaultPrincipalAttributesRepository@7923006f [],authorizedToReleaseCredentialPassword=false,authorizedToReleaseAuthenticationAttributes=true,authorizedToReleaseProxyGrantingTicket=false,excludeDefaultAttributes=false,principalIdAttribute=<null>,consentPolicy=org.apereo.cas.services.consent.DefaultRegisteredServiceConsentPolicy@330ae512 [excludedAttributes=<null>,includeOnlyAttributes=<null>,enabled=true],allowedAttributes=[]],accessStrategy=org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy@5bc47191 [enabled=true,ssoEnabled=true,requireAllAttributes=true,requiredAttributes={},unauthorizedRedirectUrl=<null>,caseInsensitive=false,rejectedAttributes={}],publicKey=<null>,proxyPolicy=org.apereo.cas.services.RefuseRegisteredServiceProxyPolicy@2cd156ce ,logo=<null>,logoutUrl=<null>,requiredHandlers=[],properties={},multifactorPolicy=org.apereo.cas.services.DefaultRegisteredServiceMultifactorPolicy@6dc092b8 [multifactorAuthenticationProviders=[],failureMode=NOT_SET,principalAttributeNameTrigger=<null>,principalAttributeValueToMatch=<null>,bypassEnabled=false],informationUrl=<null>,privacyUrl=<null>,contacts=[],expirationPolicy=org.apereo.cas.services.DefaultRegisteredServiceExpirationPolicy@687fb318[deleteWhenExpired=false,notifyWhenDeleted=false,expirationDate=<null>],<null>]. Proceeding...> 2018-05-17 11:50:46,514 DEBUG [org.apereo.cas.logout.DefaultSingleLogoutServiceMessageHandler] - <Prepared logout url [https://192.168.111.12:8443/] for service [org.apereo.cas.authentication.principal.SimpleWebApplicationServiceImpl@432f5faa [id= https://192.168.111.12:8443/,originalUrl=https://192.168.111.12:8443/,artifactId= <null>,principal=casuser,loggedOutAlready=false,format=XML]]> 2018-05-17 11:50:46,515 DEBUG [org.apereo.cas.logout.DefaultSingleLogoutServiceMessageHandler] - <Creating logout request for [org.apereo.cas.authentication.principal.SimpleWebApplicationServiceImpl@432f5faa [id= https://192.168.111.12:8443/,originalUrl=https://192.168.111.12:8443/,artifactId=<null>,principal=casuser,loggedOutAlready=false,format=XML]] and ticket id [ST-3-Ca79ror-smWCKyQzaBNn0ZYt6l0-client]> 2018-05-17 11:50:46,517 DEBUG [org.apereo.cas.logout.DefaultSingleLogoutServiceMessageHandler] - <Logout request [org.apereo.cas.logout.DefaultLogoutRequest@61e23890 [ticketId=ST-3-Ca79ror-smWCKyQzaBNn0ZYt6l0-client,service=org.apereo.cas.authentication.principal.SimpleWebApplicationServiceImpl@432f5faa [id= https://192.168.111.12:8443/,originalUrl=https://192.168.111.12:8443/,artifactId=<null>,principal=casuser,loggedOutAlready=false,format=XML],status=NOT_ATTEMPTED]] created for [org.apereo.cas.authentication.principal.SimpleWebApplicationServiceImpl@432f5faa [id= https://192.168.111.12:8443/,originalUrl=https://192.168.111.12:8443/,artifactId=<null>,principal=casuser,loggedOutAlready=false,format=XML]] and ticket id [ST-3-Ca79ror-smWCKyQzaBNn0ZYt6l0-client]> 2018-05-17 11:50:46,518 DEBUG [org.apereo.cas.logout.DefaultSingleLogoutServiceMessageHandler] - <Logout type registered for [org.apereo.cas.authentication.principal.SimpleWebApplicationServiceImpl@432f5faa [id= https://192.168.111.12:8443/,originalUrl=https://192.168.111.12:8443/,artifactId=<null>,principal=casuser,loggedOutAlready=false,format=XML]] is [BACK_CHANNEL]> 2018-05-17 11:50:46,519 DEBUG [org.apereo.cas.logout.DefaultSingleLogoutServiceMessageHandler] - <Creating back-channel logout request based on [org.apereo.cas.logout.DefaultLogoutRequest@61e23890 [ticketId=ST-3-Ca79ror-smWCKyQzaBNn0ZYt6l0-client,service=org.apereo.cas.authentication.principal.SimpleWebApplicationServiceImpl@432f5faa [id= https://192.168.111.12:8443/,originalUrl=https://192.168.111.12:8443/,artifactId= <null>,principal=casuser,loggedOutAlready=false,format=XML],status=NOT_ATTEMPTED]]> 2018-05-17 11:50:46,522 DEBUG [org.apereo.cas.logout.SamlCompliantLogoutMessageCreator] - <Generated logout message: [<samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="LR-1-vL8zdM8-dQR8rayaAYJJz6d2" Version="2.0" IssueInstant="2018-05-17T11:50:46Z"><saml:NameID xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">@NOT_USED@ </saml:NameID><samlp:SessionIndex>ST-3-Ca79ror-smWCKyQzaBNn0ZYt6l0-client</samlp:SessionIndex></samlp:LogoutRequest>]> 2018-05-17 11:50:46,522 DEBUG [org.apereo.cas.logout.DefaultSingleLogoutServiceMessageHandler] - <Preparing logout request for [https://192.168.111.12:8443/] to [ https://192.168.111.12:8443/]> 2018-05-17 11:50:46,547 DEBUG [org.apereo.cas.logout.DefaultSingleLogoutServiceMessageHandler] - <Prepared logout message to send is [org.apereo.cas.logout.LogoutHttpMessage@e0bb76[url= https://192.168.111.12:8443/,message=<samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="LR-1-vL8zdM8-dQR8rayaAYJJz6d2" Version="2.0" IssueInstant="2018-05-17T11:50:46Z"><saml:NameID xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">@NOT_USED@</saml:NameID><samlp:SessionIndex>ST-3-Ca79ror-smWCKyQzaBNn0ZYt6l0-client</samlp:SessionIndex></samlp:LogoutRequest>,asynchronous=false,contentType=application/x-www-form-urlencoded,responseCode=0]]. Sending...> 2018-05-17 11:50:46,659 WARN [org.apereo.cas.logout.DefaultSingleLogoutServiceMessageHandler] -* <Logout message is not sent to [https://192.168.111.12:8443/ <https://192.168.111.12:8443/>]; Continuing processing...>* 2018-05-17 11:50:46,661 INFO [org.apereo.cas.logout.DefaultLogoutManager] - <[1] logout requests were processed> 2018-05-17 11:50:46,668 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN ============================================================= WHO: casuser WHAT: TGT-2-*********************************************************eGcHG1JqHs-client ACTION: TICKET_GRANTING_TICKET_DESTROYED APPLICATION: CAS WHEN: Thu May 17 11:50:46 IST 2018 CLIENT IP ADDRESS: 192.168.111.12 SERVER IP ADDRESS: 192.168.111.12 ============================================================= On Tue, May 15, 2018 at 11:59 PM, Ray Bon <[email protected]> wrote: > Ramakrishna, > > If the TGT is destroyed, then that SSO session is also destroyed even if > the TGC is not (why TGC is not removed is odd). > If you are still logged in to the client application, your client may not > be part of single log out (SLO). It is up to the client to manage its own > session. > When you say 'valid ticket', do you mean a new service ticket? > > You can try these log4j2 options to see what is happening during the > logout process: > > > <!-- DEBUG service status and logout process and a lot of details > --> > <AsyncLogger name="org.apereo.cas.logout" level="info" /> > <!-- INFO Performing logout operations for [TGT-...] > [number] logout requests were processed > DEBUG ST, principal and URL --> > <AsyncLogger name="org.apereo.cas.logout.DefaultLogoutManager" > level="info"> > <Filters> > <ThresholdFilter level="INFO" onMatch="ACCEPT" > onMismatch="NEUTRAL" /> > <RegexFilter regex="Captured logout request.*" > onMismatch="DENY" /> > </Filters> > </AsyncLogger> > <!-- DEBUG Logout request will be sent to but does not print > anything when login was through SAML 1.1 --> > <AsyncLogger name="org.apereo.cas.logout. > DefaultSingleLogoutServiceLogoutUrlBuilder" level="warn" /> > <!-- DEBUG preparing, processing and logout with URL and ST --> > <AsyncLogger name="org.apereo.cas.logout. > DefaultSingleLogoutServiceMessageHandler" level="debug" /> > <!-- DEBUG SAML logout payload --> > <AsyncLogger name="org.apereo.cas.logout. > SamlCompliantLogoutMessageCreator" level="debug" /> > > Ray > > On Tue, 2018-05-15 at 15:58 +0530, Ramakrishna G wrote: > > On Clicking logout which calls the cas/logout link : > > WHO: casuser > WHAT: TGT-1-****************************************************** > ***CPmWzMzi-I-client > ACTION: TICKET_GRANTING_TICKET_DESTROYED > APPLICATION: CAS > WHEN: Tue May 15 15:45:17 IST 2018 > CLIENT IP ADDRESS: 192.168.111.12 > SERVER IP ADDRESS: 192.168.111.12 > ============================================================= > > > > But i can see that in the browser , the TGC cookie still resides , which > forces me to delete the cookies or close the browser for a fresh login. Is > there any way to avoid this? > > On Sat, May 12, 2018 at 1:45 PM, Ramakrishna G <[email protected]> wrote: > > Yes it is redirected to logout page, yet cookies is not removed. When I > refresh it redirects to application with valid ticket instead of > redirecting to login page. > > > On Fri, May 11, 2018 at 8:39 PM, Ray Bon <[email protected]> wrote: > > Ramakrishna, > > If the browser is redirected to /cas/logout, the cookies will/should be > removed. > > Ray > > On Fri, 2018-05-11 at 19:30 +0530, Ramakrishna G wrote: > > Hello Team, > > On logout CAS cookies are not removed from browser. I need to forcefully > clear. What might be the reason? > > Thanks > Ramakrishna G > > -- > Ray Bon > Programmer analyst > Development Services, University Systems > 2507218831 | CLE 019 | [email protected] > > -- > - Website: https://apereo.github.io/cas > - Gitter Chatroom: https://gitter.im/apereo/cas > - List Guidelines: https://goo.gl/1VRrw7 > - Contributions: https://goo.gl/mh7qDG > --- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit https://groups.google.com/a/ap > ereo.org/d/msgid/cas-user/1526051367.1797.41.camel%40uvic.ca > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/1526051367.1797.41.camel%40uvic.ca?utm_medium=email&utm_source=footer> > . > > > > > -- > Ray Bon > Programmer analyst > Development Services, University Systems > 2507218831 | CLE 019 | [email protected] > > -- > - Website: https://apereo.github.io/cas > - Gitter Chatroom: https://gitter.im/apereo/cas > - List Guidelines: https://goo.gl/1VRrw7 > - Contributions: https://goo.gl/mh7qDG > --- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit https://groups.google.com/a/ > apereo.org/d/msgid/cas-user/1526408970.1817.28.camel%40uvic.ca > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/1526408970.1817.28.camel%40uvic.ca?utm_medium=email&utm_source=footer> > . > -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAGST5P_2N%2BES8tc7c5Yc7BuzrXYzeQW3d-F33%2BDKpoPN-zmWOg%40mail.gmail.com.
