Jaume, Does the redirect to CAS happen? If CAS does not terminate the session but your application does (i.e. the valve works), then when you access your application, it will go to CAS and create a new session using the previous single sign on. If this is happening you will see the redirect in your developer tools and new service tickets issued in CAS logs. Is there a way to tell if tomcat ends the sessions?
Ray On Thu, 2018-10-04 at 22:05 +0200, Jaume Moral wrote: Ok. I can use the single sign out request on cas logout, but this is not what I'm looking for. I thaught that logoutvalve would do a logout in all applications on same tomcat, without the need of a single sign out request from cas server. Am I wrong? El dj., 4 oct. 2018 19.24, Ray Bon <[email protected]<mailto:[email protected]>> va escriure: Jaume, cas/logout will end the CAS session. It is up to your application to end its own session. If tomcat is redirecting on your application logout, then your application will never know to end the session. Perhaps your cas client can perform the right steps (end session and redirect to cas/logout). You can add logout url to service definition. CAS will then send a request when cas/logout is visited. Ray On Thu, 2018-10-04 at 09:38 -0700, Jaume Moral wrote: Hi! I have a problem using RegexUriLogoutValve to achieve global logout in a tomcat server. I have two applications (app1 and app2) in the same tomcat protected with org.jasig.cas.client.tomcat.v7.Cas20CasAuthenticator. Single Sign On works perfect, but I have troubles with logout. I have this in global context.xml <Valve className="org.jasig.cas.client.tomcat.v7.RegexUriLogoutValve" logoutUriRegex="/.*/logout" redirectUrl="https://mycasserver.edu/cas/logout"; /> When I go to http://localhost:8080/app1/logout, it seems fine but none of my applications forget the logged user. Inside my applications, I have web.xml <security-constraint> <web-resource-collection> <web-resource-name>Protected Area</web-resource-name> <url-pattern>/*</url-pattern> </web-resource-collection> <auth-constraint> <role-name>user</role-name> </auth-constraint> </security-constraint> And one jsp for testing <h1>Logged user: ${pageContext.request.remoteUser}</h1> I was expecting that after visit /app1/logout, both application forget the CAS user. Is this correct? Or am I missing something? -- Ray Bon Programmer analyst Development Services, University Systems 2507218831 | CLE 019 | [email protected]<mailto:[email protected]> -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]<mailto:[email protected]>. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/1538673841.2852.18.camel%40uvic.ca<https://groups.google.com/a/apereo.org/d/msgid/cas-user/1538673841.2852.18.camel%40uvic.ca?utm_medium=email&utm_source=footer>. -- Ray Bon Programmer analyst Development Services, University Systems 2507218831 | CLE 019 | [email protected] -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/1538686027.2852.26.camel%40uvic.ca.
