Hi Christian:
Thanks for the recommendation, I didn’t realize that it was an optional field
in the configuration. However, I just tried removing the URL and it still logs
me out of CAS. I believe the problem is because in initializeFromConfig()
casLogoutURL is set regardless if a logout URL is specified.
casLogoutURL=GeoServerCasConstants.createCasURl(authConfig.getCasServerUrlPrefix(),
GeoServerCasConstants.LOGOUT_URI);
if (StringUtils.hasLength(authConfig.getUrlInCasLogoutPage()))
casLogoutURL+="?"+GeoServerCasConstants.LOGOUT_URL_PARAM+"="+URLEncoder.encode(authConfig.getUrlInCasLogoutPage(),"utf-8");
Should casLogoutURL be only set if
StringUtils.hasLength(authConfig.getUrlInCasLogoutPage()) is true? I’ve tested
this and it seems to work.
Thanks,
Danny
From: Christian Mueller [mailto:[email protected]]
Sent: Monday, September 01, 2014 7:04 AM
To: Danny Cheng
Cc: [email protected]
Subject: Re: [Geoserver-users] GeoServer Web UI Logout
Hi Danny
Did you you specify a logout URL in your CAS authentication filter
configuration. If not, the logout should not happen.
Cheers
Christian
On Thu, Aug 28, 2014 at 7:50 PM, Danny Cheng
<[email protected]<mailto:[email protected]>> wrote:
I found the problem or maybe just working as intended. Inside
GeoServerCasAuthenticationFilter it overrides logout() which updates the
GeoServerLogoutFilter logout URL to point to the CAS logout URL set in
initializeFromConfig() override.
@Override
public void initializeFromConfig(SecurityNamedServiceConfig config) throws
IOException {
super.initializeFromConfig(config);
CasAuthenticationFilterConfig authConfig =
(CasAuthenticationFilterConfig) config;
validator = new
GeoServerCas20ProxyTicketValidator(authConfig.getCasServerUrlPrefix());
validator.setAcceptAnyProxy(true);
validator.setProxyGrantingTicketStorage(pgtStorageFilter);
validator.setRenew(authConfig.isSendRenew());
if (StringUtils.hasLength(authConfig.getProxyCallbackUrlPrefix()))
validator.setProxyCallbackUrl(GeoServerCasConstants.createProxyCallBackURl(authConfig.getProxyCallbackUrlPrefix()));
casLogoutURL=GeoServerCasConstants.createCasURl(authConfig.getCasServerUrlPrefix(),
GeoServerCasConstants.LOGOUT_URI);
if (StringUtils.hasLength(authConfig.getUrlInCasLogoutPage()))
casLogoutURL+="?"+GeoServerCasConstants.LOGOUT_URL_PARAM+"="+URLEncoder.encode(authConfig.getUrlInCasLogoutPage(),"utf-8");
singleSignOut=authConfig.isSingleSignOut();
aep = new GeoServerCasAuthenticationEntryPoint(authConfig);
}
@Override
public void logout(HttpServletRequest request, HttpServletResponse response,
Authentication authentication) {
request.setAttribute(GeoServerLogoutFilter.LOGOUT_REDIRECT_ATTR,casLogoutURL);
}
Because of this, when I click logout from the web UI, it ends up logging me out
of the web UI, CAS, and CAS clients.
Thanks,
Danny
From: Danny Cheng
Sent: Wednesday, August 27, 2014 2:41 PM
To:
[email protected]<mailto:[email protected]>
Subject: GeoServer Web UI Logout
Hi Everyone:
I have GeoServer integrated with CAS to authenticate WMS service requests, but
I want to keep the web UI to authenticate using the default form method. I
added a new CAS filter that is only applicable to my particular WMS ANT pattern
and it is working as expected for what I want. However, when I click logout
from the web UI, it redirects me to CAS logout page, but I don’t want that.
This effectively signed me out of all the other CAS clients as well (I have
single logout enabled). I was expecting to be redirected to the web UI login
page. Am I wrong?
Thanks,
Danny
------------------------------------------------------------------------------
Slashdot TV.
Video for Nerds. Stuff that matters.
http://tv.slashdot.org/
_______________________________________________
Geoserver-users mailing list
[email protected]<mailto:[email protected]>
https://lists.sourceforge.net/lists/listinfo/geoserver-users
--
DI Christian Mueller MSc (GIS), MSc (IT-Security)
OSS Open Source Solutions GmbH
------------------------------------------------------------------------------
Slashdot TV.
Video for Nerds. Stuff that matters.
http://tv.slashdot.org/
_______________________________________________
Geoserver-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/geoserver-users
