Yes, redirection happens and CAS server forgets the logged user My flow is:
* http://localhost:8080/app1/test.jsp -> redirects to CAS login * login in cas server with username and password -> redirects to /app1/test.jsp, showing my username and a _const_cas_assertion_ * http://localhost:8080/app1/logout -> redirects to CAS server logout url (and it really forgets the authentication) * http://localhost:8080/app1/test.jsp -> It shows my username! I'm not logged out of app1 !! But there is not a _const_cas_assertion_ I think that logout valve deletes the cas assertion in session, but perhaps the user is also stored in session and is not deleted. I thought that the user exposed to the application via pageContext.remoteUser was the one in cas_assertion, but in the last step, there is no cas assertion, but the user remains. Perhaps your answer will be. "ok, you can invalidate your session and then go to CAS logout", but the reason I'm doing this is that i want to logout from all applications in same tomcat. I can't invalidate other contexts sessions, as far as I know. Any ideas? El jue., 4 oct. 2018 a las 22:47, Ray Bon (<r...@uvic.ca>) escribió: > Jaume, > > Does the redirect to CAS happen? > If CAS does not terminate the session but your application does (i.e. the > valve works), then when you access your application, it will go to CAS and > create a new session using the previous single sign on. > If this is happening you will see the redirect in your developer tools and > new service tickets issued in CAS logs. > Is there a way to tell if tomcat ends the sessions? > > Ray > > On Thu, 2018-10-04 at 22:05 +0200, Jaume Moral wrote: > > Ok. I can use the single sign out request on cas logout, but this is not > what I'm looking for. > > I thaught that logoutvalve would do a logout in all applications on same > tomcat, without the need of a single sign out request from cas server. > > Am I wrong? > > El dj., 4 oct. 2018 19.24, Ray Bon <r...@uvic.ca> va escriure: > > Jaume, > > cas/logout will end the CAS session. It is up to your application to end > its own session. If tomcat is redirecting on your application logout, then > your application will never know to end the session. > Perhaps your cas client can perform the right steps (end session and > redirect to cas/logout). > > You can add logout url to service definition. CAS will then send a request > when cas/logout is visited. > > Ray > > On Thu, 2018-10-04 at 09:38 -0700, Jaume Moral wrote: > > Hi! > > > I have a problem using RegexUriLogoutValve to achieve global logout in a > tomcat server. > > > I have two applications (app1 and app2) in the same tomcat protected with > org.jasig.cas.client.tomcat.v7.Cas20CasAuthenticator. Single Sign On works > perfect, but I have troubles with logout. > > > I have this in global context.xml > > > <Valve > className="org.jasig.cas.client.tomcat.v7.RegexUriLogoutValve" > logoutUriRegex="/.*/logout" > redirectUrl="https://mycasserver.edu/cas/logout"; > /> > > > When I go to http://localhost:8080/app1/logout, it seems fine but none of > my applications forget the logged user. > > > Inside my applications, I have > > > web.xml > > > <security-constraint> > <web-resource-collection> > <web-resource-name>Protected Area</web-resource-name> > <url-pattern>/*</url-pattern> > </web-resource-collection> > <auth-constraint> > <role-name>user</role-name> > </auth-constraint> > </security-constraint> > > And one jsp for testing > > <h1>Logged user: ${pageContext.request.remoteUser}</h1> > > I was expecting that after visit /app1/logout, both application forget the > CAS user. Is this correct? Or am I missing something? > > -- > Ray Bon > Programmer analyst > Development Services, University Systems > 2507218831 | CLE 019 | r...@uvic.ca > > -- > - Website: https://apereo.github.io/cas > - Gitter Chatroom: https://gitter.im/apereo/cas > - List Guidelines: https://goo.gl/1VRrw7 > - Contributions: https://goo.gl/mh7qDG > --- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to cas-user+unsubscr...@apereo.org. > To view this discussion on the web visit > https://groups.google.com/a/apereo.org/d/msgid/cas-user/1538673841.2852.18.camel%40uvic.ca > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/1538673841.2852.18.camel%40uvic.ca?utm_medium=email&utm_source=footer> > . > > -- > Ray Bon > Programmer analyst > Development Services, University Systems > 2507218831 | CLE 019 | r...@uvic.ca > > -- > - Website: https://apereo.github.io/cas > - Gitter Chatroom: https://gitter.im/apereo/cas > - List Guidelines: https://goo.gl/1VRrw7 > - Contributions: https://goo.gl/mh7qDG > --- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to cas-user+unsubscr...@apereo.org. > To view this discussion on the web visit > https://groups.google.com/a/apereo.org/d/msgid/cas-user/1538686027.2852.26.camel%40uvic.ca > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/1538686027.2852.26.camel%40uvic.ca?utm_medium=email&utm_source=footer> > . > -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAMOuto3oRQSo6OaRveT4RgNNxFphttQYX64%3DoB_66xk29MzVJQ%40mail.gmail.com.
