My questions:


1. Will configuring SingleSignOutFilter in web.xml complete my
implementation for single sign out, or is there more config that I need to
do? If so, where?

>> You cannot have single sign out without the filter. Whether it
"completes" the configuration depends on your setup (i.e. if your network
topology requires additional work).


2. Once single sign out is implemented, will it have the expected behavior
that I describe above? Meaning, if I go to the /logout link, then anytime I
try to go to an authenticated URL, it should redirect me back to the /login
page?

>> Yes

3. How can I tell which protocol (CAS 2.0 or SAML 1.1) I'm using? I should
be using whatever default CAS 4.0.0 ships with as I didn't override
anything in my project.

>> By default the server should have CAS 2.0 and SAML 1.1 enabled. Your
client is talking via whichever filter you configured (most likely the 2.0 spec).




On Thu, Jun 5, 2014 at 3:45 PM, Zac Harvey <[email protected]> wrote:

>  I followed the CAS Best Practices (
> https://wiki.jasig.org/display/CASUM/Best+Practice+-+Setting+Up+CAS+Locally+using+the+Maven+WAR+Overlay+Method)
> for building a “cas.war” (v4.0.0) and deploying it to Tomcat7. When I spin
> up Tomcat, I am able to access my CAS login page at:
>
>
>
> > https://localhost:8443/cas/login
>
>
>
> I then deploy one of my "client" apps (a Grails web app using Shiro for
> authentication), which comes online at:
>
>
>
> > http://localhost:9100/myapp
>
>
>
> I go to an authenticated URL for myapp.war (the CAS client app):
>
>
>
> > http://localhost:9100/myapp/secret
>
>
>
> I am successfully redirected to my CAS login page (for now, I'm using the
> default casLoginView.jsp). I check my browser cookies, and for the CAS site
> I have a JSESSIONID. I log in using the CAS default credentials (username is
> *casuser*; password is *Melon*) and am successfully redirected to
> http://localhost:9100/myapp/secret. Great success! I check my cookies
> again and see that I have the same exact JSESSIONID as well as a new CASTGC
> cookie.
>
>
>
> I now go directly to my CAS logout page:
>
>
>
> > https://localhost:8443/cas/logout
>
>
>
> I see a "Logout successful" message, and check my cookies again. The
> CASTGC cookie is gone, and I still have a JSESSIONID; however, it's a
> different one than the first JSESSIONID that I got.
>
>
>
> I now go back to my authenticated URL:
>
>
>
> > http://localhost:9100/myapp/secret
>
>
>
> I expect to be redirected to the CAS login page: instead I am allowed to
> view the /secret page and **appear to still be authenticated, even after
> logging out!!!**
>
>
>
> I *believe* I need to implement the SingleSignOutFilter by placing it in
> myapp's web.xml as instructed here:
>
>
>
> https://wiki.jasig.org/display/CASC/Configuring+Single+Sign+Out
>
>
>
> My questions:
>
>
>
> 1. Will configuring SingleSignOutFilter in web.xml complete my
> implementation for single sign out, or is there more config that I need to
> do? If so, where?
>
> 2. Once single sign out is implemented, will it have the expected behavior
> that I describe above? Meaning, if I go to the /logout link, then anytime I
> try to go to an authenticated URL, it should redirect me back to the /login
> page?
>
> 3. How can I tell which protocol (CAS 2.0 or SAML 1.1) I'm using? I should
> be using whatever default CAS 4.0.0 ships with as I didn't override
> anything in my project.
>
>
>
> Thanks in advance!
>
> --
> You are currently subscribed to [email protected] as: 
> [email protected]
> To unsubscribe, change settings or access archives, see 
> http://www.ja-sig.org/wiki/display/JSG/cas-user
>
>

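The behaviour discussed in this thread, as an added example that is not part of the original messages and not the Jasig client's code: a minimal Python model of CAS back-channel logout, in which `ClientApp`, its methods and the sample ticket and session values are hypothetical. It shows why the app's local session survives /cas/logout unless something on the client maps the service ticket to that session and acts on the server's `logoutRequest` POST, which is the role SingleSignOutFilter plays.

```python
import xml.etree.ElementTree as ET  # stdlib for brevity; prefer defusedxml on untrusted XML

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"

# Constructed sample of the logoutRequest body a CAS server POSTs to each service.
SAMPLE_LOGOUT_REQUEST = (
    '<samlp:LogoutRequest xmlns:samlp="%s" ID="LR-1-example" Version="2.0" '
    'IssueInstant="2014-06-05T15:45:00Z">'
    '<saml:NameID xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">@NOT_USED@</saml:NameID>'
    '<samlp:SessionIndex>ST-1-example</samlp:SessionIndex>'
    '</samlp:LogoutRequest>' % SAMLP
)


class ClientApp:
    """Hypothetical model of a CAS-protected app that keeps its own local sessions."""

    def __init__(self, sign_out_filter):
        self.sign_out_filter = sign_out_filter  # True = sign-out handling installed
        self.sessions = {}           # local session id -> authenticated user
        self.ticket_to_session = {}  # service ticket -> local session id

    def login_callback(self, session_id, ticket, user):
        # Browser returns from /cas/login with ?ticket=ST-...; the app opens its session.
        self.sessions[session_id] = user
        if self.sign_out_filter:
            self.ticket_to_session[ticket] = session_id

    def back_channel_post(self, logout_request_xml):
        # Server-to-app POST carrying the logoutRequest parameter.
        if not self.sign_out_filter:
            return False  # nothing inspects the POST, so the local session survives
        index = ET.fromstring(logout_request_xml).findtext("{%s}SessionIndex" % SAMLP)
        session_id = self.ticket_to_session.pop(index, None)
        return self.sessions.pop(session_id, None) is not None

    def can_view_secret(self, session_id):
        return session_id in self.sessions


def logout_outcome(sign_out_filter):
    """Replay the thread's steps; True means /secret is still viewable after logout."""
    app = ClientApp(sign_out_filter)
    app.login_callback("JSESSIONID-app", "ST-1-example", "casuser")
    app.back_channel_post(SAMPLE_LOGOUT_REQUEST)  # what visiting /cas/logout triggers
    return app.can_view_secret("JSESSIONID-app")
```

The POST in this model comes from the CAS server itself rather than from the browser, so it only arrives if the server can reach the service URL directly.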