RE: [cas-user] CAS 3.5.1: Having trouble with Sign-Out

Thu, 27 Dec 2012 14:31:11 -0800 

Thanks for helping, Gil!

 

Okay, I switched to SAML. I needed to do that anyway, so I'm glad to get that 
out of the way. Unfortunately, I'm still seeing the issue. I'm using Firefox 
17.0.1. I log in to my hello-world webapp successfully. I included this link in 
index.jsp:

 

        <a href="/authentication/logout" onClick="session.invalidate()">Log 
out</a>  

 

When I click on the link, it takes me to the cas logoff screen and says I have 
been logged out. However, when I return to /hello-world, I see the JSP without 
needing to reauthenticate. I've attached the most recent version of my web.xml 
file. If anybody has any thoughts, I'd really appreciate it.

 

Thanks,

Eric Stein

 

From: Gil Victor Teixeira Pinto [mailto:[email protected]] 
Sent: Thursday, December 27, 2012 2:04 PM
To: [email protected]
Cc: [email protected]; [email protected]; Stein, Eric
Subject: Re: [cas-user] CAS 3.5.1: Having trouble with Sign-Out

 

Hi, 

The only difference that i have in my web.xml is the SAML:

<!-- SSOut https://wiki.jasig.org/display/CASC/Configuring+Single+Sign+Out -->
    <filter>
        <filter-name>CAS Single Sign Out Filter</filter-name>
        
<filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
        <init-param>
            <param-name>artifactParameterName</param-name>
            <param-value>SAMLart</param-value>
        </init-param>
    </filter>


I've also SAML at:


<!-- CAS -->
    <filter>
        <filter-name>CAS Authentication Filter</filter-name>
        
<filter-class>org.jasig.cas.client.authentication.Saml11AuthenticationFilter</filter-class>
        <!--
            
<filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
        -->
        <init-param>
            <param-name>casServerLoginUrl</param-name>
            <param-value>https://server:8443/cas/login</param-value 
<https://server:8443/cas/login%3c/param-value> >
        </init-param>
        <init-param>
            <param-name>serverName</param-name>
            <param-value>http://server:8080</param-value 
<http://server:8080%3c/param-value> >
        </init-param>
    </filter>

    <filter>
        <filter-name>CAS Validation Filter</filter-name>
        
<filter-class>org.jasig.cas.client.validation.Saml11TicketValidationFilter</filter-class>
        <!--
            
<filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
        -->
        <init-param>
            <param-name>casServerUrlPrefix</param-name>
            <param-value>https://server:8443/cas</param-value 
<https://server:8443/cas%3c/param-value> >
        </init-param>
        <init-param>
            <param-name>serverName</param-name>
            <param-value>http://server:8080</param-value 
<http://server:8080%3c/param-value> >
        </init-param>
        <init-param>
            <param-name>redirectAfterValidation</param-name>
            <param-value>true</param-value>
        </init-param>
        <init-param>
            <param-name>useSession</param-name>
            <param-value>true</param-value>
        </init-param>
    </filter>



On Wednesday, December 26, 2012 8:24:41 PM UTC-2, Stein, Eric wrote:

I've got Tomcat 7.0.25 running with CAS 3.5.1 and a trivial java webapp 
with one JSP. I added a link from the page to /cas/logout. When I follow 
the link, CAS tells me I've logged out successfully, but I can navigate 
back to the page without needing to authenticate again. It looks like 
tickets are still being granted. I'm also seeing this line in my client 
webapp: 

17:10:01.946 [http-bio-8080-exec-12] TRACE 
o.j.c.c.session.SingleSignOutFilter - Ignoring URI /hello-world/ 

Does anyone have any thoughts on what I might be doing wrong? Is there 
any documentation on sign out/single sign out that I'm missing? 

Thanks, 
Eric Stein 

-- 
You are currently subscribed to [email protected] <javascript:>  as: 
[email protected] <javascript:>  
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user


-- 
You are currently subscribed to [email protected] as: 
[email protected]
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

<?xml version="1.0" encoding="UTF-8"?>

<web-app xmlns="http://java.sun.com/xml/ns/javaee"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd";
    version="3.0">

    <display-name>Hello World Web Application</display-name>

    <!-- Facilitates CAS single sign-out -->
    <listener>
        <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
    </listener>

    <filter>
        <filter-name>CAS Single Sign Out Filter</filter-name>
        <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
        <init-param>
            <param-name>artifactParameterName</param-name>
            <param-value>SAMLart</param-value>
        </init-param>
    </filter>

    <!-- CAS -->
    <filter>
        <filter-name>CAS Authentication Filter</filter-name>
        <filter-class>org.jasig.cas.client.authentication.Saml11AuthenticationFilter</filter-class>
        <init-param>
            <param-name>casServerLoginUrl</param-name>
            <param-value>https://<MY_TOMCAT_SERVER>:8443/authentication/login</param-value>
        </init-param>
        <init-param>
            <param-name>serverName</param-name>
            <param-value>http://<MY_TOMCAT_SERVER>:8080</param-value>
        </init-param>
    </filter>

    <filter>
        <filter-name>CAS Validation Filter</filter-name>
        <filter-class>org.jasig.cas.client.validation.Saml11TicketValidationFilter</filter-class>
        <init-param>
            <param-name>casServerUrlPrefix</param-name>
            <param-value>https://<MY_TOMCAT_SERVER>:8443/authentication</param-value>
        </init-param>
        <init-param>
            <param-name>serverName</param-name>
            <param-value>http://<MY_TOMCAT_SERVER>:8080</param-value>
        </init-param>
        <init-param>
            <param-name>redirectAfterValidation</param-name>
            <param-value>true</param-value>
        </init-param>
        <init-param>
            <param-name>useSession</param-name>
            <param-value>true</param-value>
        </init-param>
    </filter>

    <filter>
        <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
        <filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
    </filter>

    <filter>
        <filter-name>CAS Assertion Thread Local Filter</filter-name>
        <filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class>
    </filter>

    <filter-mapping>
        <filter-name>CAS Single Sign Out Filter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    <filter-mapping>
        <filter-name>CAS Authentication Filter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    <filter-mapping>
        <filter-name>CAS Validation Filter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    <filter-mapping>
        <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    <filter-mapping>
        <filter-name>CAS Assertion Thread Local Filter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

</web-app>

Reply via email to