Hey David, Firstly thanks for your response and clarifying few things. My query to you now is
Does logoutUrl property support SLO? If so, which all cookie should I be deleting? On Thu, May 24, 2018 at 6:17 PM, David Curry <[email protected]> wrote: > What do you mean when you say you are "using mod_auth_cas for reverse > proxy to my cas server"? Mod_auth_cas is not a (reverse) proxy. It's simply > a way to control access to content on an Apache web server using CAS > authentication. Think of it as an alternative to HTTP Basic Authentication. > It seems like this was explained in an earlier thread; if you want to > spread the load across multiple CAS servers, you should just stick a load > balancer (NGINX, F5, etc.) in front of them. See, for example, the picture > here https://apereo.github.io/cas/development/planning/High- > Availability-Guide.html. > > As for logging out, mod_auth_cas does not support SLO. This is documented > in the README file under "Known Limitations". If you really want to > implement logout with mod_auth_cas, you would somehow have to arrange for > the logout process (which mod_auth_cas is completely unaware of, since it > doesn't have its own "logout" link and it doesn't support SLO) to delete > the "MOD_AUTH_CAS_S" cookie from the user's browser. You MIGHT be able to > make use of the "logoutUrl" property in the service registry ( > https://apereo.github.io/cas/development/installation/ > Logout-Single-Signout.html#service-endpoint-for-logout-requests) to > accomplish this, with the page that URL points do taking care of deleting > the cookie. > > > > -- > > DAVID A. CURRY, CISSP > *DIRECTOR OF INFORMATION SECURITY* > INFORMATION TECHNOLOGY > > 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003 > <https://maps.google.com/?q=71+FIFTH+AVE.,+9TH+FL.,+NEW+YORK,+NY+10003&entry=gmail&source=g> > +1 212 229-5300 x4728 • [email protected] > > [image: The New School] > > > On Thu, May 24, 2018 at 2:13 AM Ramakrishna G <[email protected]> wrote: > >> Hello, >> >> I am using Mod_auth_cas for reverse proxy to my cas server. How do I >> achive slo and sso using mod_auth_cas? Also when I logout I am still able >> to access my application without authentication. Is this the way >> mod_auth_cas works? >> >> Thanks >> Ramakrishna G >> >> -- >> - Website: https://apereo.github.io/cas >> - Gitter Chatroom: https://gitter.im/apereo/cas >> - List Guidelines: https://goo.gl/1VRrw7 >> - Contributions: https://goo.gl/mh7qDG >> --- >> You received this message because you are subscribed to the Google Groups >> "CAS Community" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> To view this discussion on the web visit https://groups.google.com/a/ >> apereo.org/d/msgid/cas-user/CAGST5P_19UfBq%2BsefvrBRD9UBOJMQHQqJj% >> 3DmJzvm3Op6JsSUAQ%40mail.gmail.com >> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAGST5P_19UfBq%2BsefvrBRD9UBOJMQHQqJj%3DmJzvm3Op6JsSUAQ%40mail.gmail.com?utm_medium=email&utm_source=footer> >> . >> > -- > - Website: https://apereo.github.io/cas > - Gitter Chatroom: https://gitter.im/apereo/cas > - List Guidelines: https://goo.gl/1VRrw7 > - Contributions: https://goo.gl/mh7qDG > --- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit https://groups.google.com/a/ > apereo.org/d/msgid/cas-user/CA%2Bd9XANEnPPGQ66kyva4Wgvm8- > 25-Up0Fdz-7MZLYk-PdUF5dA%40mail.gmail.com > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2Bd9XANEnPPGQ66kyva4Wgvm8-25-Up0Fdz-7MZLYk-PdUF5dA%40mail.gmail.com?utm_medium=email&utm_source=footer> > . > -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAGST5P9pD%3DC4t-THA6gX-V2Uh7yB8brVG0tk1sNYk0iZ-7nGtQ%40mail.gmail.com.
