In my application, I configured Acegi(1.0.6) with CAS's authentication and it
worked fine. Now I want to add SingleSignOut in my application. But, when I
added SingleSignOutFilter as first filter in web.xml, it haven't received
the SAML message. BTW, in order to use cas-client-core-3.1.1, I had a custom
class JasigCasClientTicketValidator just like
org.acegisecurity.providers.cas.ticketvalidator.CasProxyTicketValidator.
Is anyone could told me how to add SingleSignOut in acegi+cas
environment(CAS server 3.1.1 cas-client-core-3.1.1 acegi-1.0.6)?
my security-application.xml snippet:
<bean id="filterChainProxy"
class="org.acegisecurity.util.FilterChainProxy">
<property name="filterInvocationDefinitionSource">
<value>
PATTERN_TYPE_APACHE_ANT
/**=channelProcessingFilter,httpSessionContextIntegrationFilter,casProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor
</value>
</property>
</bean>
<bean id="channelProcessingFilter"
class="org.acegisecurity.securechannel.ChannelProcessingFilter">
<property name="channelDecisionManager"
ref="channelDecisionManager" />
<property name="filterInvocationDefinitionSource">
<value>
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/j_acegi_cas_security_check*=REQUIRES_SECURE_CHANNEL
/**=REQUIRES_INSECURE_CHANNEL
</value>
</property>
</bean>
<bean id="authenticationManager"
class="org.acegisecurity.providers.ProviderManager">
<property name="providers">
<list>
<ref local="casAuthenticationProvider" />
</list>
</property>
</bean>
<bean id="casProcessingFilter"
class="org.acegisecurity.ui.cas.CasProcessingFilter">
<property name="authenticationManager"
ref="authenticationManager" />
<property name="authenticationFailureUrl"
value="/casfailed.jsp" />
<property name="defaultTargetUrl" value="/" />
<property name="filterProcessesUrl"
value="/j_acegi_cas_security_check" />
</bean>
<bean id="exceptionTranslationFilter"
class="org.acegisecurity.ui.ExceptionTranslationFilter">
<property name="authenticationEntryPoint"
ref="casProcessingFilterEntryPoint" />
<property name="accessDeniedHandler">
<bean
class="org.acegisecurity.ui.AccessDeniedHandlerImpl">
<property name="errorPage"
value="/accessDenied.jsp" />
</bean>
</property>
</bean>
<bean id="serviceProperties"
class="org.acegisecurity.ui.cas.ServiceProperties">
<property name="service"
value="https://gzhnyfzj081.gzyf.net:8443/acegifirstdemoforchapter16/j_acegi_cas_security_check";>
</property>
<property name="sendRenew" value="false" />
</bean>
<bean id="filterInvocationInterceptor"
class="org.acegisecurity.intercept.web.FilterSecurityInterceptor">
<property name="authenticationManager"
ref="authenticationManager" />
<property name="accessDecisionManager"
ref="httpRequestAccessDecisionManager" />
<property name="objectDefinitionSource">
<value>
PATTERN_TYPE_APACHE_ANT
/securedpage.jsp=ROLE_ADMIN
/debug.jsp=ROLE_ADMIN
</value>
</property>
</bean>
<bean id="casAuthenticationProvider"
class="org.acegisecurity.providers.cas.CasAuthenticationProvider">
<property name="casAuthoritiesPopulator"
ref="casAuthoritiesPopulator" />
<property name="casProxyDecider" ref="rejectProxyTickets" />
<property name="ticketValidator"
ref="jasigCasClientTicketValidator" />
<property name="statelessTicketCache"
ref="statelessTicketCache" />
<property name="key" value="password" />
</bean>
<bean id="ticketValidator"
class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">
<constructor-arg index="0"
value="https://gzhnyfzj947.gzyf.net:8443/cas"; />
</bean>
<bean id="jasigCasClientTicketValidator"
class="test.JasigCasClientTicketValidator">
<property name="jasigTicketValidator" ref="ticketValidator" />
<property name="trustStore"
value="D:/JavaDev/Tomcat-5.5.26/conf/root.jks" />
<property name="serviceProperties" ref="serviceProperties" />
</bean>
.......
JasigCasClientTicketValidator is my custom class just like
org.acegisecurity.providers.cas.ticketvalidator.CasProxyTicketValidator
my web.xml snippet
<filter>
<filter-name>CAS Single Sign Out Filter</filter-name>
<filter-class>
com.messi.cas.session.SingleSignOutFilter
</filter-class>
</filter>
<filter>
<filter-name>Acegi Filter Chain Proxy</filter-name>
<filter-class>org.acegisecurity.util.FilterToBeanProxy</filter-class>
<init-param>
<param-name>targetBean</param-name>
<param-value>filterChainProxy</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>CAS Single Sign Out Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>Acegi Filter Chain Proxy</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
--
View this message in context:
http://www.nabble.com/Could-not-SingleSignOut-in-acegi%2Bcas-environment-tp16172809p16172809.html
Sent from the CAS Users mailing list archive at Nabble.com.
_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas
