Re: [Geoserver-users] GeoServer Web UI Logout

[Danny Cheng]

I found the problem or maybe just working as intended. Inside 
GeoServerCasAuthenticationFilter it overrides logout() which updates the 
GeoServerLogoutFilter logout URL to point to the CAS logout URL set in 
initializeFromConfig() override.

    @Override
    public void initializeFromConfig(SecurityNamedServiceConfig config) throws 
IOException {
        super.initializeFromConfig(config);


        CasAuthenticationFilterConfig authConfig =
                (CasAuthenticationFilterConfig) config;

        validator = new 
GeoServerCas20ProxyTicketValidator(authConfig.getCasServerUrlPrefix());
        validator.setAcceptAnyProxy(true);
        validator.setProxyGrantingTicketStorage(pgtStorageFilter);

        validator.setRenew(authConfig.isSendRenew());
        if (StringUtils.hasLength(authConfig.getProxyCallbackUrlPrefix()))
                
validator.setProxyCallbackUrl(GeoServerCasConstants.createProxyCallBackURl(authConfig.getProxyCallbackUrlPrefix()));

        
casLogoutURL=GeoServerCasConstants.createCasURl(authConfig.getCasServerUrlPrefix(),
 GeoServerCasConstants.LOGOUT_URI);
        if (StringUtils.hasLength(authConfig.getUrlInCasLogoutPage()))
                
casLogoutURL+="?"+GeoServerCasConstants.LOGOUT_URL_PARAM+"="+URLEncoder.encode(authConfig.getUrlInCasLogoutPage(),"utf-8");

        singleSignOut=authConfig.isSingleSignOut();
        aep = new GeoServerCasAuthenticationEntryPoint(authConfig);
    }

    @Override
    public void logout(HttpServletRequest request, HttpServletResponse response,
            Authentication authentication) {
            
request.setAttribute(GeoServerLogoutFilter.LOGOUT_REDIRECT_ATTR,casLogoutURL);
    }

Because of this, when I click logout from the web UI, it ends up logging me out 
of the web UI, CAS, and CAS clients.

Thanks,
Danny


From: Danny Cheng
Sent: Wednesday, August 27, 2014 2:41 PM
To: geoserver-users@lists.sourceforge.net
Subject: GeoServer Web UI Logout

Hi Everyone:

I have GeoServer integrated with CAS to authenticate WMS service requests, but 
I want to keep the web UI to authenticate using the default form method. I 
added a new CAS filter that is only applicable to my particular WMS ANT pattern 
and it is working as expected for what I want. However, when I click logout 
from the web UI, it redirects me to CAS logout page, but I don't want that. 
This effectively signed me out of all the other CAS clients as well (I have 
single logout enabled). I was expecting to be redirected to the web UI login 
page. Am I wrong?

Thanks,
Danny


------------------------------------------------------------------------------
Slashdot TV.  
Video for Nerds.  Stuff that matters.
http://tv.slashdot.org/
_______________________________________________
Geoserver-users mailing list
Geoserver-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-users