Hi, 

I recently experienced some trouble using the SingleSignOutFilter on a
webapp (named dsacas) deployed on WAS 6.1. This webapp uses version
3.2.1 of the CAS client.

Actually, when I logged out from another CAS-ified application (named
rapcas), it looks like the CAS server correctly receives the logout request
and forwards it to my application, as you can see below:

2012-04-10 15:51:02,519 DEBUG
[org.jasig.cas.CentralAuthenticationServiceImpl] - Ticket found.  Expiring
and then deleting. 
2012-04-10 15:51:02,520 DEBUG
[org.jasig.cas.authentication.principal.SamlService] - Sending logout
request for: http://wasge/rapcas/j_spring_cas_security_check
2012-04-10 15:51:02,535 DEBUG
[org.jasig.cas.authentication.principal.SamlService] - Sending logout
request for: http://wasfu/dsacas/j_spring_cas_security_check
2012-04-10 15:51:02,535 DEBUG [org.jasig.cas.util.HttpClient] - Attempting
to access http://wasge/rapcas/j_spring_cas_security_check
2012-04-10 15:51:02,536 DEBUG
[org.jasig.cas.ticket.registry.DefaultTicketRegistry] - Removing ticket
[TGT-2-pJiy936JRNGfLWC6UlcNerDqjbufD3c0xIChhKCEW6Yi6e0LbM-loginALM-dev] from
registry 
2012-04-10 15:51:02,536 DEBUG
[org.jasig.cas.ticket.registry.DefaultTicketRegistry] - Attempting to
retrieve ticket
[TGT-2-pJiy936JRNGfLWC6UlcNerDqjbufD3c0xIChhKCEW6Yi6e0LbM-loginALM-dev] 
2012-04-10 15:51:02,536 INFO
[com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit
trail record BEGIN 
============================================================= 
WHO: audit:unknown 
WHAT: TGT-2-pJiy936JRNGfLWC6UlcNerDqjbufD3c0xIChhKCEW6Yi6e0LbM-loginALM-dev 
ACTION: TICKET_GRANTING_TICKET_DESTROYED 
APPLICATION: CAS 
WHEN: Tue Apr 10 15:51:02 CEST 2012 
CLIENT IP ADDRESS: 10.99.31.53 
SERVER IP ADDRESS: loginalm-dev 
============================================================= 


2012-04-10 15:51:02,538 DEBUG
[fr.ag2rlamondiale.cas.web.support.CustomCookieRetrievingCookieGenerator$LocalCookieGenerator]
- Removed cookie with name [CASTGC-dr] 
2012-04-10 15:51:02,539 DEBUG
[org.jasig.cas.web.support.CookieRetrievingCookieGenerator] - Removed cookie
with name [CASPRIVACY] 
2012-04-10 15:51:02,539 DEBUG
[org.springframework.web.servlet.DispatcherServlet] - Rendering view
[org.springframework.web.servlet.view.RedirectView: unnamed; URL
[http://wasge/rapcas/pages/accueil.jsf]] in DispatcherServlet with name
'cas' 
2012-04-10 15:51:02,539 DEBUG
[org.springframework.web.servlet.DispatcherServlet] - Successfully completed
request 
2012-04-10 15:51:02,540 DEBUG [org.jasig.cas.util.HttpClient] - Attempting
to access http://wasfu/dsacas/j_spring_cas_security_check
2012-04-10 15:51:02,950 DEBUG [org.jasig.cas.util.HttpClient] - Finished
sending message tohttp://wasge/rapcas/j_spring_cas_security_check 
2012-04-10 15:51:03,748 DEBUG [org.jasig.cas.util.HttpClient] - Finished
sending message tohttp://wasfu/dsacas/j_spring_cas_security_check 

However, the SingleSignOutFilter is not triggered on my application
(dsacas), so the user's application session is not destroyed and he's still
able to access the application.

Then, I tried to deploy this application on a Tomcat 7 environment and the
result is surprising: the logout process works well on it. I mean I can
see that the SingleSignOutFilter is triggered and then that the user is
correctly disconnected from the application. However, I used the same
web.xml for both webapps:

<?xml version="1.0" encoding="UTF-8"?> 
<web-app id="WebApp" version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
         http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
        <display-name>dsa</display-name>

        
        <context-param>
                <param-name>log4jConfigLocation</param-name>
                <param-value>classpath:log4j.xml</param-value>
        </context-param>
                
        
  <context-param>
    <param-name>log4jRefreshInterval</param-name>
    <param-value>60000</param-value>
  </context-param>
  
    
        
   <filter>
      <filter-name>CAS Single Sign Out Filter</filter-name>
      <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
   </filter>
   <filter-mapping>
      <filter-name>CAS Single Sign Out Filter</filter-name>
      <url-pattern>/*</url-pattern>
   </filter-mapping>
   <listener>
      <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
   </listener>
        
  
          
                
        
        <filter>
                <filter-name>springSecurityFilterChain</filter-name>
                <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
        </filter>
        
        <filter-mapping>
                <filter-name>springSecurityFilterChain</filter-name>
                <url-pattern>/*</url-pattern>
                <dispatcher>FORWARD</dispatcher>
                <dispatcher>REQUEST</dispatcher>
        </filter-mapping>
        
        <listener>
                <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
        </listener>
        
        <listener>
                <listener-class>org.springframework.web.context.request.RequestContextListener</listener-class>
        </listener>
        

        <filter>
      <filter-name>ParrainageFilter</filter-name>
      <filter-class>com.ag2r.dsa.servlet.ParrainageFilter</filter-class>
    </filter>
        
        <filter-mapping>
      <filter-name>ParrainageFilter</filter-name>
      <url-pattern>/j_security_check</url-pattern>
    </filter-mapping>
    

        
        
        <listener>
                <listener-class>
                        org.springframework.web.util.Log4jConfigListener 
                </listener-class>
        </listener>
        
        <listener>
                <listener-class>com.ag2r.dsa.environnement.ApplicationContextLoader</listener-class>
        </listener>
        
        
        <servlet>
[...] 
        </servlet>
        <servlet-mapping>
[...] 
        </servlet-mapping>
        <welcome-file-list>
                <welcome-file>index.jsp</welcome-file>
        </welcome-file-list>
        <error-page>
                <error-code>403</error-code>
                <location>/jsp/erreurAuth.jsp</location>
        </error-page>
        <error-page>
                <error-code>401</error-code>
                <location>/jsp/erreurAnn.jsp</location>
        </error-page>

        <resource-ref id="ResourceRef_1060079993835">
                <res-ref-name>eis/CICSRemote</res-ref-name>
                <res-type>javax.resource.cci.ConnectionFactory</res-type>
                <res-auth>Application</res-auth>
                <res-sharing-scope>Shareable</res-sharing-scope>
        </resource-ref>
</web-app>

Do you see any reason which could explain why the SingleSignOutFilter is not
correctly triggered on WAS 6.1?

Best regards, 



--
View this message in context: 
http://jasig.275507.n4.nabble.com/SingleSignOutFilter-is-not-triggered-on-WAS-tp4545991p4545991.html
Sent from the CAS Developers mailing list archive at Nabble.com.
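
To tell whether the back-channel POST that the CAS server logs as sent to http://wasfu/dsacas/j_spring_cas_security_check ever enters the web application's filter chain, a small probe filter can be mapped to /* ahead of the "CAS Single Sign Out Filter" entry in web.xml. The following is an added example, not part of the original message or of the CAS client; the class name LogoutRequestProbeFilter is hypothetical, and it assumes the client's default logoutRequest parameter name.

```java
import java.io.IOException;
import java.util.logging.Logger;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

// Hypothetical diagnostic filter (not part of the CAS client).
// Written against Servlet 2.4 / Java 5: no annotations, no String.isEmpty().
public class LogoutRequestProbeFilter implements Filter {
    private static final Logger LOG =
            Logger.getLogger(LogoutRequestProbeFilter.class.getName());
    // Assumption: the CAS client's default logout parameter name is in use.
    private static final String LOGOUT_PARAM = "logoutRequest";

    public void init(FilterConfig config) {
        LOG.info("LogoutRequestProbeFilter initialised");
    }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        if (req instanceof HttpServletRequest) {
            HttpServletRequest http = (HttpServletRequest) req;
            if ("POST".equals(http.getMethod())) {
                String type = http.getContentType();
                // Only touch parameters of form posts: getParameter() reads the body.
                boolean form = type != null
                        && type.toLowerCase().startsWith("application/x-www-form-urlencoded");
                String payload = form ? http.getParameter(LOGOUT_PARAM) : null;
                // The CAS server sends no session cookie, so this is normally false.
                HttpSession session = http.getSession(false);
                // Log presence and size only; the payload identifies a user session.
                LOG.info("POST " + http.getRequestURI()
                        + " from " + http.getRemoteAddr()
                        + " contentType=" + type
                        + " logoutRequestPresent=" + (payload != null && payload.length() > 0)
                        + " payloadLength=" + (payload == null ? 0 : payload.length())
                        + " requestHasSession=" + (session != null));
            }
        }
        chain.doFilter(req, res);
    }

    public void destroy() {
    }
}
```

No log line on WAS while the CAS server reports the message as sent means the request never reached the filter chain; a line with logoutRequestPresent=false means it arrived but was not readable as a form parameter.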
