Leena,
That looks fine; nothing that hits me out right. Some avenues to try:
1. Have you configured the
org.jasig.cas.client.session.SingleSignOutHttpSessionListener at the top?
2. Have you enabled TRACE level debugging for the
org.jasig.cas.client.session package?
The TRACE enabled log level should let you know what is going on in the
filter. If the filter is not being applied, then I would wonder if you
should enable the REQUEST and FORWARD dispatchers like so:
<filter-mapping> <filter-name>CAS Sign-Out Filter</filter-name>
<url-pattern>/*</url-pattern> <dispatcher>REQUEST</dispatcher>
<dispatcher>FORWARD</dispatcher> </filter-mapping>
HTH,
A-
On 1/13/09 12:02 PM, "Leena Borle" <[email protected]> wrote:
> Hi,
> Here is CAS part of web.xml
> <!-- Single Signout -->
> <filter>
> <filter-name>CAS Single Sign Out Filter</filter-name>
>
> <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
> </filter>
>
> <filter-mapping>
> <filter-name>CAS Single Sign Out Filter</filter-name>
> <url-pattern>/*</url-pattern>
> </filter-mapping>
>
> <listener>
>
> <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener<
> /listener-class>
> </listener>
>
> <filter>
> <filter-name>CAS Validation Filter</filter-name>
>
> <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidat
> ionFilter</filter-class>
> <init-param>
> <param-name>casServerUrlPrefix</param-name>
> <param-value>https://localhost:8443/cas/</param-value>
> </init-param>
> <init-param>
> <param-name>serverName</param-name>
> <param-value>http://localhost:8080</param-value>
> </init-param>
> <init-param>
> <param-name>proxyCallbackUrl</param-name>
>
> <param-value>https://localhost:8443/app2/docs/receptor</param-value>
> </init-param>
> <init-param>
> <param-name>proxyReceptorUrl</param-name>
> <param-value>/docs/receptor</param-value>
> </init-param>
> <init-param> <!-- This will generate Cas20ProxyTicketValidator
> instead of CAs20ServiceTicketValidator-->
> <param-name>acceptAnyProxy</param-name>
> <param-value>true</param-value>
> </init-param>
> </filter>
>
> <!-- ************************* -->
> <filter-mapping>
> <filter-name>CAS Validation Filter</filter-name>
> <url-pattern>/*</url-pattern>
> </filter-mapping>
>
> <filter-mapping>
> <filter-name>CAS Validation Filter</filter-name>
> <url-pattern>/docs/receptor</url-pattern>
> </filter-mapping>
>
> <!-- Wraps HttpRequest for getRemoteUSer() to work -->
> <filter>
> <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
>
> <filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filte
> r-class>
> </filter>
> <filter-mapping>
> <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
> <url-pattern>/*</url-pattern>
> </filter-mapping>
>
>
> On Tue, Jan 13, 2009 at 5:23 AM, Andrew Feller <[email protected]> wrote:
>> We use the JA-SIG CAS client without Spring security and we haven't had any
>> issues with the SSOut. Can you copy the web.xml from an application of yours
>> that isn't handling SSOut correctly?
>>
>>
>>
>> On 1/12/09 5:40 PM, "Leena Borle" <[email protected]> wrote:
>>
>>> Hi,
>>> In my case, it only invalidates the session of the application which
>>> initiated the /cas/logout. Other applications still keeps the same session.
>>> Difference between these applications is only that the mail application that
>>> calls logout has implemented CAS with Spring security and others have it in
>>> configured in web.xml (CAS-client 3.1.3)
>>> I'm wondering if anything is missing in my configurarion. CAS
>>> documentation says SSO requires just addition of SSO filter in web.xml.
>>> Leena
>>>
>>> On Mon, Jan 12, 2009 at 1:27 PM, Andrew Feller <[email protected]> wrote:
>>>> Leena,
>>>>
>>>> No. When the user goes to the CAS server to logout, the CAS server will
>>>> notify all the applications that requested service tickets and invalidate
>>>> the user's sessions.
>>>>
>>>> A-
>>>>
>>>>
>>>>
>>>> On 1/12/09 2:53 PM, "Leena Borle" <[email protected]> wrote:
>>>>
>>>>> Hello,
>>>>> I have added SSO filter in all web.xml of my application. I want to
>>>>> initiate sign-out from only one application. Do I need to invalidate
>>>>> sessions in other applications individually before calling /cas/logout?
>>>>> Leena
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> Yale CAS mailing list
>>>>> [email protected]
>>>>> http://tp.its.yale.edu/mailman/listinfo/cas
>
> --
> Andrew Feller, Analyst
> LSU University Information Services
> 200 Frey Computing Services Center
> Baton Rouge, LA 70803
> Office: 225.578.3737
> Fax: 225.578.6400
_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas
