Hi,

I am having issues with Single Logout (SLO) in CAS. I am using CAS server 4.2.3 
and Spring 3.2. My CAS-enabled client applications are configured with Spring 
Security. 

I have 2 CAS client web applications. When I log out from one of them and 
then refresh the page in the 2nd CAS client application, where I am already 
logged in (same browser, different tab), I would expect the login page to 
show up, because I already did a single logout from the 1st CAS client 
application. But it doesn't work. 

I am not sure what I am missing. I have posted the code snippet of web.xml, 
spring-security.xml, logout.jsp and cas.log

Any help or pointers are greatly appreciated. 


web.xml

<!-- web.xml excerpt: servlet filters and listeners for a Spring Security + CAS client.
     Filters mapped by url-pattern run in the order of the filter-mapping elements
     below, so characterEncodingFilter runs before springSecurityFilterChain. -->

<!-- Sets UTF-8 as the request character encoding. forceEncoding is not set here,
     so an encoding already declared by the request is kept. -->
<filter>
<filter-name>characterEncodingFilter</filter-name>
<filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
<init-param>
<param-name>encoding</param-name>
<param-value>UTF-8</param-value>
</init-param>
</filter>

<!-- Delegates every request to the Spring bean named "springSecurityFilterChain".
     The CAS single logout filter runs inside that chain, not as a servlet filter
     declared in this file. -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>

<!-- Mapped first so the encoding is fixed before any filter in the security chain
     reads request parameters (the single logout filter inspects them). -->
<filter-mapping>
<filter-name>characterEncodingFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>

<!-- All paths pass through Spring Security, including the service URL that the
     CAS server posts its back-channel logout request to. -->
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>

<!-- Companion of SingleSignOutFilter: drops the service ticket to HTTP session
     mapping when a session is destroyed.
     NOTE(review): that mapping lives in the memory of one JVM. If either client
     application runs on more than one node, a back-channel logout request that
     lands on a different node cannot find the session. Confirm the deployment. -->
<listener>
<listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
</listener>

<!-- Bootstraps the root Spring application context. The contextConfigLocation
     parameter is not part of this excerpt. -->
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>

spring-security.xml

<!-- Service identity of this client application (WebApp3) as presented to CAS.
     The "service" URL is sent with the login redirect and with ticket validation.
     The cas.log excerpt on this page shows the CAS server sending its back-channel
     logout request to the same URL.
     NOTE(review): every CAS client needs its own service URL, and the CAS server
     must be able to open a connection to it directly. The configuration of the
     second application is not shown here, so verify it separately. -->
<bean id="serviceProperties" 
class="org.springframework.security.cas.ServiceProperties">
<property name="service" 
value="https://<hostname>:8444/WebApp3/j_spring_cas_security_check" />
<!-- sendRenew=false: an existing CAS SSO session is accepted without forcing the
     user to present credentials again. Applications that need a fresh login for
     sensitive operations set this to true. -->
<property name="sendRenew" value="false" />
</bean>

<!-- HTTP security rules for this application. Unauthenticated requests are sent
     to casEntryPoint, which redirects the browser to the CAS login page. -->
<sec:http use-expressions="true" entry-point-ref="casEntryPoint">
<!-- intercept-url rules are evaluated top to bottom and the first match wins. -->
<sec:intercept-url pattern="/login/*" access="permitAll()" />
<sec:intercept-url pattern="/lib/**" access="permitAll()" />
<sec:intercept-url pattern="/**" access="isAuthenticated()" />
<!-- NOTE(review): "/logout.jsp" and "/login.jsp" (used below) match only the
     catch-all "/**" rule, so both require an authenticated user. After a local
     logout the redirect to /logout.jsp therefore goes through casEntryPoint, and
     while the CAS SSO session is still alive the user is likely signed in again
     without a prompt. Consider a permitAll() rule for the logout landing page. -->
<!-- NOTE(review): form-login registers a username/password login filter next to
     the CAS filter. With CAS as the entry point this looks unnecessary. Confirm
     it is intended, because it adds a second authentication path. -->
<sec:form-login login-page="/ingress.do" default-target-url="/ingress.do" 
always-use-default-target="false"
authentication-failure-url="/login.jsp" />

<!-- Local logout only: ends this application's session and redirects to
     /logout.jsp. The CAS SSO session is not touched by this element. -->
<sec:logout logout-success-url="/logout.jsp" />
<!-- Filter order matters: the filter that redirects to CAS logout sits before the
     standard logout filter, and the CAS single logout filter sits before the CAS
     authentication filter so that back-channel logout requests are handled before
     ticket processing. -->
<sec:custom-filter ref="requestSingleLogoutFilter" before="LOGOUT_FILTER" />
<sec:custom-filter ref="singleLogoutFilter" before="CAS_FILTER" />
<sec:custom-filter position="CAS_FILTER" ref="casFilter" />

</sec:http>

<!-- CAS client filter that receives the back-channel logout request posted by the
     CAS server and invalidates the HTTP session recorded for that service ticket.
     The request comes from the CAS server, not from the browser, so it carries no
     session cookie. The lookup relies on the ticket to session mapping recorded
     at login time.
     NOTE(review): a firewall, a proxy that rewrites the request, or a load
     balancer that routes the request to another node will make this filter miss
     the session. Enable DEBUG logging for org.jasig.cas.client.session on the
     client to see whether the request arrives and whether a session is found. -->
<bean id="singleLogoutFilter" 
class="org.jasig.cas.client.session.SingleSignOutFilter" />

<!-- Logout filter bound to /logout/cas. It ends the local session through
     SecurityContextLogoutHandler and then redirects the browser to the CAS server
     logout URL, which ends the SSO session and triggers single logout. -->
<bean id="requestSingleLogoutFilter" 
class="org.springframework.security.web.authentication.logout.LogoutFilter">
<!-- First constructor argument: the URL the browser is redirected to after logout. -->
<constructor-arg value="https://<hostname>/cas/logout" />
<!-- Second constructor argument: the handler that clears the local session. -->
<constructor-arg>
<bean 
class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler"
 
/>
</constructor-arg>
<!-- NOTE(review): logout.jsp reaches this URL with a plain link (GET), so any
     page the user visits could trigger a logout. Presumably acceptable here,
     but confirm. -->
<property name="filterProcessesUrl" value="/logout/cas" />
</bean>

<!-- Processes the redirect back from CAS: takes the service ticket from the
     request and hands it to authenticationManager for validation. No
     filterProcessesUrl is set, so the filter default applies. The service URL in
     serviceProperties must point at that same path. -->
<bean id="casFilter" 
class="org.springframework.security.cas.web.CasAuthenticationFilter">
<property name="authenticationManager" ref="authenticationManager" />
</bean>

<!-- Entry point referenced by sec:http: redirects unauthenticated users to the
     CAS login page and passes the service URL taken from serviceProperties. -->
<bean id="casEntryPoint" 
class="org.springframework.security.cas.web.CasAuthenticationEntryPoint">
<property name="loginUrl" value="https://<hostname>/cas/login" />
<property name="serviceProperties" ref="serviceProperties" />
</bean>

<!-- Authentication manager with a single provider, the CAS provider. No
     username/password provider is registered here. -->
<sec:authentication-manager alias="authenticationManager">
<sec:authentication-provider ref="casAuthenticationProvider" />
</sec:authentication-manager>

<!-- Validates CAS service tickets and loads the local user for the validated
     principal name. -->
<bean id="casAuthenticationProvider" 
class="org.springframework.security.cas.authentication.CasAuthenticationProvider">
<!-- Looks up authorities by user name through the project's userService bean. -->
<property name="authenticationUserDetailsService">
<bean 
class="org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper">
<constructor-arg ref="userService" />
</bean>
</property>
<property name="serviceProperties" ref="serviceProperties" />
<!-- Ticket validation is a server-to-server call to the CAS URL prefix below.
     It uses HTTPS, so the JVM of this application must trust the CAS server
     certificate. -->
<property name="ticketValidator">
<bean class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">
<constructor-arg index="0" value="https://<hostname>/cas" />
</bean>
</property>
<!-- Marks authentication tokens created by this provider so it can recognise
     its own tokens later.
     NOTE(review): this value appears to be the placeholder from the Spring
     Security reference documentation. Use a value specific to this deployment. -->
<property name="key" value="an_id_for_this_auth_provider_only" />
</bean>

<!-- Project-specific user details service. Its implementation is not shown on
     this page. It is wrapped by UserDetailsByNameServiceWrapper inside
     casAuthenticationProvider. -->
<bean id="userService" 
class="org.hpi.iris.services.CustomUserDetailsService" />

<!-- Stand-alone logout filter that redirects to "/" after clearing the session.
     NOTE(review): nothing in the sec:http element shown on this page references
     this bean, and sec:logout already creates its own logout filter. It looks
     unused. Remove it or confirm where it is wired in, so that only one logout
     path exists. -->
<bean id="logoutFilter" 
class="org.springframework.security.web.authentication.logout.LogoutFilter">
<constructor-arg value="/" />
<constructor-arg>
<list>
<bean 
class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler"
 
/>
</list>
</constructor-arg>
</bean>

<!-- Exposes the ServletContext as a Spring bean. No other bean in this excerpt
     references it. -->
<bean id="servletContext" 
class="org.springframework.web.context.support.ServletContextFactoryBean" />

<!-- Exception translation filter that sends unauthenticated users to
     casEntryPoint.
     NOTE(review): the sec:http element already installs one with the same entry
     point, and nothing shown on this page references this bean. Presumably left
     over from a manual filter chain. Confirm. -->
<bean id="etf" 
class="org.springframework.security.web.access.ExceptionTranslationFilter">
<property name="authenticationEntryPoint" ref="casEntryPoint" />
</bean>

<!-- CAS client request wrapper filter. It is declared here, but neither the
     web.xml excerpt nor the sec:http element on this page references it. -->
<bean id="wrappingFilter" 
class="org.jasig.cas.client.util.HttpServletRequestWrapperFilter" />

</beans>

logout.jsp

<%-- Link to the single logout URL handled by requestSingleLogoutFilter
     (filterProcessesUrl "/logout/cas"). The href is relative, so it resolves
     correctly only while this page is served from the application context root.
     NOTE(review): logout is triggered by a plain GET request. --%>
<a href="logout/cas">Logout of in all applications</a>

cas.log

2016-09-19 15:47:09,995 DEBUG 
[org.jasig.cas.logout.SamlCompliantLogoutMessageCreator] - Generated logout 
message: [<samlp:LogoutRequest 
xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" 
ID="LR-1-qFurZ54zaXVbviIalCkZ93lDbYuBAT6m5qE" Version="2.0" 
IssueInstant="2016-09-19T15:47:09Z"><saml:NameID 
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">@NOT_USED@</saml:NameID><samlp:SessionIndex>ST-2-Ag6SgNIyvMUGT9mKNkEo-<hostname></samlp:SessionIndex></samlp:LogoutRequest>]
2016-09-19 15:47:09,995 DEBUG [org.jasig.cas.logout.LogoutManagerImpl] - 
Sending logout request for: 
[https://<hostname>:8444/WebApp3/j_spring_cas_security_check]
2016-09-19 15:47:10,000 DEBUG [org.jasig.cas.logout.LogoutManagerImpl] - 
Prepared logout message to send is 
[org.jasig.cas.logout.LogoutManagerImpl$LogoutHttpMessage@1771cadc[url=https://<hostname>:8444/WebApp3/j_spring_cas_security_check,message=<samlp:LogoutRequest
 
xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" 
ID="LR-1-qFurZ54zaXVbviIalCkZ93lDbYuBAT6m5qE" Version="2.0" 
IssueInstant="2016-09-19T15:47:09Z"><saml:NameID 
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">@NOT_USED@</saml:NameID><samlp:SessionIndex>ST-2-Ag6SgNIyvMUGT9mKNkEo-<hostname></samlp:SessionIndex></samlp:LogoutRequest>,asynchronous=true,contentType=application/x-www-form-urlencoded]]
2016-09-19 15:47:10,068 DEBUG [org.jasig.cas.logout.LogoutManagerImpl] - 
Captured logout request 
[org.jasig.cas.logout.DefaultLogoutRequest@655231e3[ticketId=ST-2-Ag6SgNIyvMUGT9mKNkEo-<hostname>,service=https://<hostname>:8444/WebApp3/j_spring_cas_security_check,status=SUCCESS]]
2016-09-19 15:47:10,069 DEBUG 
[org.jasig.cas.ticket.registry.DefaultTicketRegistry] - Attempting to 
retrieve ticket 
[TGT-**********************************************lfaFE4hhow-<hostname>]
2016-09-19 15:47:10,071 DEBUG 
[org.jasig.cas.ticket.registry.DefaultTicketRegistry] - Ticket 
[TGT-**********************************************lfaFE4hhow-<hostname>] 
found in registry.
2016-09-19 15:47:10,072 DEBUG 
[org.jasig.cas.ticket.registry.DefaultTicketRegistry] - Removing children 
of ticket 
[TGT-**********************************************lfaFE4hhow-<hostname>] 
from the registry.
2016-09-19 15:47:10,084 DEBUG 
[org.jasig.cas.ticket.registry.DefaultTicketRegistry] - Removing ticket 
[TGT-**********************************************lfaFE4hhow-<hostname>] 
from the registry.
2016-09-19 15:47:10,099 DEBUG 
[org.jasig.cas.CentralAuthenticationServiceImpl] - Publishing 
org.jasig.cas.support.events.CasTicketGrantingTicketDestroyedEvent@b348523[ticketGrantingTicket=TGT-**********************************************lfaFE4hhow-<hostname>]
2016-09-19 15:47:10,100 DEBUG 
[org.jasig.cas.audit.spi.AssertionAsReturnValuePrincipalResolver] - Trying 
to see if target's return value is instance of [Assertion]...
2016-09-19 15:47:10,100 DEBUG 
[org.jasig.cas.audit.spi.AssertionAsReturnValuePrincipalResolver] - 
Resolving principal from the delegate principal resolver: 
[org.jasig.cas.audit.spi.TicketOrCredentialPrincipalResolver@3d5cf9c4]...
2016-09-19 15:47:10,100 DEBUG 
[org.jasig.cas.audit.spi.TicketOrCredentialPrincipalResolver] - Resolving 
argument [String] for audit
2016-09-19 15:47:10,100 DEBUG 
[org.jasig.cas.ticket.registry.DefaultTicketRegistry] - Attempting to 
retrieve ticket 
[TGT-**********************************************lfaFE4hhow-<hostname>]
2016-09-19 15:47:10,101 DEBUG 
[org.jasig.cas.CentralAuthenticationServiceImpl] - Ticket 
[TGT-**********************************************lfaFE4hhow-<hostname>] 
by type [Ticket] cannot be found in the ticket registry.
2016-09-19 15:47:10,109 DEBUG 
[org.jasig.cas.audit.spi.TicketOrCredentialPrincipalResolver] - Could not 
locate ticket 
[TGT-**********************************************lfaFE4hhow-<hostname>] 
in the registry
2016-09-19 15:47:10,110 DEBUG 
[org.jasig.cas.audit.spi.AssertionAsReturnValuePrincipalResolver] - 
Meaningful principal id could not be resolved by 
[org.jasig.cas.audit.spi.AssertionAsReturnValuePrincipalResolver@4dafaeaa]. 
Returning [audit:unknown]...
2016-09-19 15:47:10,110 DEBUG 
[org.jasig.cas.web.support.TGCCookieRetrievingCookieGenerator] - Removed 
cookie with name [TGC]
2016-09-19 15:47:10,110 DEBUG 
[org.jasig.cas.web.WarningCookieRetrievingCookieGenerator] - Removed cookie 
with name [CASPRIVACY]
2016-09-19 15:47:10,118 DEBUG 
[org.jasig.cas.services.web.RegisteredServiceThemeBasedViewResolver] - View 
resolved: /WEB-INF/view/jsp/default/ui/casLogoutView.jsp
2016-09-19 15:47:10,179 DEBUG 
[org.jasig.cas.authentication.FileTrustStoreSslSocketFactory] - Connecting 
socket to <hostname>/<hostip>:8444 with timeout 5000
2016-09-19 15:47:10,181 DEBUG 
[org.jasig.cas.authentication.FileTrustStoreSslSocketFactory] - Enabled 
protocols: [TLSv1, TLSv1.1, TLSv1.2]
2016-09-19 15:47:10,181 DEBUG 
[org.jasig.cas.authentication.FileTrustStoreSslSocketFactory] - Enabled 
cipher suites:[TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, 
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, 
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, 
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, 
TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, 
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, 
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, 
TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, 
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, 
TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, 
TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, 
TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, 
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, 
TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, 
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, 
TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
2016-09-19 15:47:10,181 DEBUG 
[org.jasig.cas.authentication.FileTrustStoreSslSocketFactory] - Starting 
handshake
2016-09-19 15:47:10,205 DEBUG 
[org.jasig.cas.authentication.FileTrustStoreSslSocketFactory] - Secure 
session established
2016-09-19 15:47:10,206 DEBUG 
[org.jasig.cas.authentication.FileTrustStoreSslSocketFactory] -  negotiated 
protocol: TLSv1.2
2016-09-19 15:47:10,206 DEBUG 
[org.jasig.cas.authentication.FileTrustStoreSslSocketFactory] -  negotiated 
cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
2016-09-19 15:47:10,206 DEBUG 
[org.jasig.cas.authentication.FileTrustStoreSslSocketFactory] -  peer 
principal: CN=<hostname>, OU=HPI, O=HP, L=Bloomington, ST=MN, C=US
2016-09-19 15:47:10,206 DEBUG 
[org.jasig.cas.authentication.FileTrustStoreSslSocketFactory] -  issuer 
principal: CN=<hostname>, OU=HPI, O=HP, L=Bloomington, ST=MN, C=US
2016-09-19 15:47:31,024 DEBUG [org.jasig.cas.util.CasSpringBeanJobFactory] 
- Created job 
org.jasig.cas.services.DefaultServicesManagerImpl$ServiceRegistryReloaderJob@4340fcf7
 
for bundle org.quartz.spi.TriggerFiredBundle@8f5988b
