Ok, I will turn on debug and check the logs. What is the right way to do it? All the documentation I find is to enable in CAS server. I try to enable it in logging.properties in /conf folder but I doesn't work. It seems it uses a different cofiguration file.
Can you help me? Thanks! El divendres, 5 octubre de 2018 1:51:10 UTC+2, rbon va escriure: > > Jaume, > > If test.jsp requires login and you can access it after app1/logout, I > agree that you are not logged out. > > <https://github.com/apereo/java-cas-client/blob/master/cas-client-integration-tomcat-common/src/main/java/org/jasig/cas/client/tomcat/AbstractLogoutHandler.java> > https://github.com/apereo/java-cas-client/blob/master/cas-client-integration-tomcat-common/src/main/java/org/jasig/cas/client/tomcat/AbstractLogoutHandler.java > > > If you turn on debugging for the cas client, you will see the log out > happen. > > If you do not want CAS to log user out of all apps, you can turn off > single sign out. > > Ray > > On Thu, 2018-10-04 at 23:26 +0200, Jaume Moral wrote: > > Yes, redirection happens and CAS server forgets the logged user > > My flow is: > > * http://localhost:8080/app1/test.jsp > -> redirects to CAS login > * login in cas server with username and password > -> redirects to /app1/test.jsp, showing my username and a > _const_cas_assertion_ > * http://localhost:8080/app1/logout > -> redirects to CAS server logout url (and it really forgets the > authentication) > * http://localhost:8080/app1/test.jsp > -> It shows my username! I'm not logged out of app1 !! But there is not a > _const_cas_assertion_ > > I think that logout valve deletes the cas assertion in session, but > perhaps the user is also stored in session and is not deleted. I thought > that the user exposed to the application via pageContext.remoteUser was the > one in cas_assertion, but in the last step, there is no cas assertion, but > the user remains. > > Perhaps your answer will be. "ok, you can invalidate your session and then > go to CAS logout", but the reason I'm doing this is that i want to logout > from all applications in same tomcat. I can't invalidate other contexts > sessions, as far as I know. > > Any ideas? > > El jue., 4 oct. 2018 a las 22:47, Ray Bon (<[email protected] <javascript:>>) > escribió: > > Jaume, > > Does the redirect to CAS happen? > If CAS does not terminate the session but your application does (i.e. the > valve works), then when you access your application, it will go to CAS and > create a new session using the previous single sign on. > If this is happening you will see the redirect in your developer tools and > new service tickets issued in CAS logs. > Is there a way to tell if tomcat ends the sessions? > > Ray > > On Thu, 2018-10-04 at 22:05 +0200, Jaume Moral wrote: > > Ok. I can use the single sign out request on cas logout, but this is not > what I'm looking for. > > I thaught that logoutvalve would do a logout in all applications on same > tomcat, without the need of a single sign out request from cas server. > > Am I wrong? > > El dj., 4 oct. 2018 19.24, Ray Bon <[email protected] <javascript:>> va > escriure: > > Jaume, > > cas/logout will end the CAS session. It is up to your application to end > its own session. If tomcat is redirecting on your application logout, then > your application will never know to end the session. > Perhaps your cas client can perform the right steps (end session and > redirect to cas/logout). > > You can add logout url to service definition. CAS will then send a request > when cas/logout is visited. > > Ray > > On Thu, 2018-10-04 at 09:38 -0700, Jaume Moral wrote: > > Hi! > > > I have a problem using RegexUriLogoutValve to achieve global logout in a > tomcat server. > > > I have two applications (app1 and app2) in the same tomcat protected with > org.jasig.cas.client.tomcat.v7.Cas20CasAuthenticator. Single Sign On works > perfect, but I have troubles with logout. > > > I have this in global context.xml > > > <Valve > className="org.jasig.cas.client.tomcat.v7.RegexUriLogoutValve" > logoutUriRegex="/.*/logout" > redirectUrl="https://mycasserver.edu/cas/logout"; > /> > > > When I go to http://localhost:8080/app1/logout, it seems fine but none of > my applications forget the logged user. > > > Inside my applications, I have > > > web.xml > > > <security-constraint> > <web-resource-collection> > <web-resource-name>Protected Area</web-resource-name> > <url-pattern>/*</url-pattern> > </web-resource-collection> > <auth-constraint> > <role-name>user</role-name> > </auth-constraint> > </security-constraint> > > And one jsp for testing > > <h1>Logged user: ${pageContext.request.remoteUser}</h1> > > I was expecting that after visit /app1/logout, both application forget the > CAS user. Is this correct? Or am I missing something? > > -- > Ray Bon > Programmer analyst > Development Services, University Systems > 2507218831 | CLE 019 | [email protected] <javascript:> > > -- > - Website: https://apereo.github.io/cas > - Gitter Chatroom: https://gitter.im/apereo/cas > - List Guidelines: https://goo.gl/1VRrw7 > - Contributions: https://goo.gl/mh7qDG > --- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected] <javascript:>. > To view this discussion on the web visit > https://groups.google.com/a/apereo.org/d/msgid/cas-user/1538673841.2852.18.camel%40uvic.ca > > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/1538673841.2852.18.camel%40uvic.ca?utm_medium=email&utm_source=footer> > . > > -- > Ray Bon > Programmer analyst > Development Services, University Systems > 2507218831 | CLE 019 | [email protected] <javascript:> > > -- > - Website: https://apereo.github.io/cas > - Gitter Chatroom: https://gitter.im/apereo/cas > - List Guidelines: https://goo.gl/1VRrw7 > - Contributions: https://goo.gl/mh7qDG > --- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected] <javascript:>. > To view this discussion on the web visit > https://groups.google.com/a/apereo.org/d/msgid/cas-user/1538686027.2852.26.camel%40uvic.ca > > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/1538686027.2852.26.camel%40uvic.ca?utm_medium=email&utm_source=footer> > . > > -- > Ray Bon > Programmer analyst > Development Services, University Systems > 2507218831 | CLE 019 | [email protected] <javascript:> > > > -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/5703243a-0489-4eeb-a180-eca040fa2f2b%40apereo.org.
