Adding more info. Following the following documentation, http://docs.spring.io/spring-security/site/docs/3.2.9.RELEASE/reference/htmlsingle/#cas-singlelogout
Please help me resolve this issue or any direction on this to debug further will be greatly appreciated. On Monday, September 19, 2016 at 4:45:18 PM UTC-5, SaAn wrote: > > Hi, > > I am having issues with Single LogOut in CAS. I am using CAS server 4.2.3 > and Spring 3.2. My client casified applications are configured on spring > security. > > I have 2 cas client web application. When I logout from one of the cas > client web application, and refresh the page in the 2nd cas client > application which I already logged in (in the same browser in a different > tab), I would think that the login page would show up as I already did a > single LogOut from the 1st cas client application. But it doesn't work. > > I am not sure what I am missing. I have posted the code snippet of > web.xml, spring-security.xml, logout.jsp and cas.log > > Any help or pointers is greatly appreciated. > > > web.xml > > <filter> > <filter-name>characterEncodingFilter</filter-name> > > <filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class> > <init-param> > <param-name>encoding</param-name> > <param-value>UTF-8</param-value> > </init-param> > </filter> > > <filter> > <filter-name>springSecurityFilterChain</filter-name> > > <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> > </filter> > > <filter-mapping> > <filter-name>characterEncodingFilter</filter-name> > <url-pattern>/*</url-pattern> > </filter-mapping> > > <filter-mapping> > <filter-name>springSecurityFilterChain</filter-name> > <url-pattern>/*</url-pattern> > </filter-mapping> > > <listener> > > <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class> > </listener> > > <listener> > > <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class> > </listener> > > spring-security.xml > > <bean id="serviceProperties" > class="org.springframework.security.cas.ServiceProperties"> > <property name="service" > value="https://<hostname>:8444/WebApp3/j_spring_cas_security_check" /> > <property name="sendRenew" value="false" /> > </bean> > > <sec:http use-expressions="true" entry-point-ref="casEntryPoint"> > <sec:intercept-url pattern="/login/*" access="permitAll()" /> > <sec:intercept-url pattern="/lib/**" access="permitAll()" /> > <sec:intercept-url pattern="/**" access="isAuthenticated()" /> > <sec:form-login login-page="/ingress.do" default-target-url="/ingress.do" > always-use-default-target="false" > authentication-failure-url="/login.jsp" /> > > <sec:logout logout-success-url="/logout.jsp" /> > <sec:custom-filter ref="requestSingleLogoutFilter" before="LOGOUT_FILTER" > /> > <sec:custom-filter ref="singleLogoutFilter" before="CAS_FILTER" /> > <sec:custom-filter position="CAS_FILTER" ref="casFilter" /> > > </sec:http> > > <bean id="singleLogoutFilter" > class="org.jasig.cas.client.session.SingleSignOutFilter" /> > > <bean id="requestSingleLogoutFilter" > class="org.springframework.security.web.authentication.logout.LogoutFilter"> > <constructor-arg value="https://<hostname>/cas/logout" /> > <constructor-arg> > <bean > class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler" > > /> > </constructor-arg> > <property name="filterProcessesUrl" value="/logout/cas" /> > </bean> > > <bean id="casFilter" > class="org.springframework.security.cas.web.CasAuthenticationFilter"> > <property name="authenticationManager" ref="authenticationManager" /> > </bean> > > <bean id="casEntryPoint" > class="org.springframework.security.cas.web.CasAuthenticationEntryPoint"> > <property name="loginUrl" value="https://<hostname>/cas/login" /> > <property name="serviceProperties" ref="serviceProperties" /> > </bean> > > <sec:authentication-manager alias="authenticationManager"> > <sec:authentication-provider ref="casAuthenticationProvider" /> > </sec:authentication-manager> > > <bean id="casAuthenticationProvider" > class="org.springframework.security.cas.authentication.CasAuthenticationProvider"> > <property name="authenticationUserDetailsService"> > <bean > class="org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper"> > <constructor-arg ref="userService" /> > </bean> > </property> > <property name="serviceProperties" ref="serviceProperties" /> > <property name="ticketValidator"> > <bean class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator"> > <constructor-arg index="0" value="https://<hostname>/cas" /> > </bean> > </property> > <property name="key" value="an_id_for_this_auth_provider_only" /> > </bean> > > <bean id="userService" > class="org.hpi.iris.services.CustomUserDetailsService" /> > > <bean id="logoutFilter" > class="org.springframework.security.web.authentication.logout.LogoutFilter"> > <constructor-arg value="/" /> > <constructor-arg> > <list> > <bean > class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler" > > /> > </list> > </constructor-arg> > </bean> > > <bean id="servletContext" > class="org.springframework.web.context.support.ServletContextFactoryBean" /> > > <bean id="etf" > class="org.springframework.security.web.access.ExceptionTranslationFilter"> > <property name="authenticationEntryPoint" ref="casEntryPoint" /> > </bean> > > <bean id="wrappingFilter" > class="org.jasig.cas.client.util.HttpServletRequestWrapperFilter" /> > > </beans> > > logout.jsp > > <a href="logout/cas">Logout of in all applications</a> > > cas.log > > 2016-09-19 15:47:09,995 DEBUG > [org.jasig.cas.logout.SamlCompliantLogoutMessageCreator] - Generated logout > message: [<samlp:LogoutRequest > xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" > ID="LR-1-qFurZ54zaXVbviIalCkZ93lDbYuBAT6m5qE" Version="2.0" > IssueInstant="2016-09-19T15:47:09Z"><saml:NameID > xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">@NOT_USED@</saml:NameID><samlp:SessionIndex>ST-2-Ag6SgNIyvMUGT9mKNkEo-<hostname></samlp:SessionIndex></samlp:LogoutRequest>] > 2016-09-19 15:47:09,995 DEBUG [org.jasig.cas.logout.LogoutManagerImpl] - > Sending logout request for: > [https://<hostname>:8444/WebApp3/j_spring_cas_security_check] > 2016-09-19 15:47:10,000 DEBUG [org.jasig.cas.logout.LogoutManagerImpl] - > Prepared logout message to send is > [org.jasig.cas.logout.LogoutManagerImpl$LogoutHttpMessage@1771cadc[url=https://<hostname>:8444/WebApp3/j_spring_cas_security_check,message=<samlp:LogoutRequest > > xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" > ID="LR-1-qFurZ54zaXVbviIalCkZ93lDbYuBAT6m5qE" Version="2.0" > IssueInstant="2016-09-19T15:47:09Z"><saml:NameID > xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">@NOT_USED@</saml:NameID><samlp:SessionIndex>ST-2-Ag6SgNIyvMUGT9mKNkEo-<hostname></samlp:SessionIndex></samlp:LogoutRequest>,asynchronous=true,contentType=application/x-www-form-urlencoded]] > 2016-09-19 15:47:10,068 DEBUG [org.jasig.cas.logout.LogoutManagerImpl] - > Captured logout request > [org.jasig.cas.logout.DefaultLogoutRequest@655231e3[ticketId=ST-2-Ag6SgNIyvMUGT9mKNkEo-<hostname>,service=https://<hostname>:8444/WebApp3/j_spring_cas_security_check,status=SUCCESS]] > 2016-09-19 15:47:10,069 DEBUG > [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - Attempting to > retrieve ticket > [TGT-**********************************************lfaFE4hhow-<hostname>] > 2016-09-19 15:47:10,071 DEBUG > [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - Ticket > [TGT-**********************************************lfaFE4hhow-<hostname>] > found in registry. > 2016-09-19 15:47:10,072 DEBUG > [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - Removing children > of ticket > [TGT-**********************************************lfaFE4hhow-<hostname>] > from the registry. > 2016-09-19 15:47:10,084 DEBUG > [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - Removing ticket > [TGT-**********************************************lfaFE4hhow-<hostname>] > from the registry. > 2016-09-19 15:47:10,099 DEBUG > [org.jasig.cas.CentralAuthenticationServiceImpl] - Publishing > org.jasig.cas.support.events.CasTicketGrantingTicketDestroyedEvent@b348523[ticketGrantingTicket=TGT-**********************************************lfaFE4hhow-<hostname>] > 2016-09-19 15:47:10,100 DEBUG > [org.jasig.cas.audit.spi.AssertionAsReturnValuePrincipalResolver] - Trying > to see if target's return value is instance of [Assertion]... > 2016-09-19 15:47:10,100 DEBUG > [org.jasig.cas.audit.spi.AssertionAsReturnValuePrincipalResolver] - > Resolving principal from the delegate principal resolver: > [org.jasig.cas.audit.spi.TicketOrCredentialPrincipalResolver@3d5cf9c4]... > 2016-09-19 15:47:10,100 DEBUG > [org.jasig.cas.audit.spi.TicketOrCredentialPrincipalResolver] - Resolving > argument [String] for audit > 2016-09-19 15:47:10,100 DEBUG > [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - Attempting to > retrieve ticket > [TGT-**********************************************lfaFE4hhow-<hostname>] > 2016-09-19 15:47:10,101 DEBUG > [org.jasig.cas.CentralAuthenticationServiceImpl] - Ticket > [TGT-**********************************************lfaFE4hhow-<hostname>] > by type [Ticket] cannot be found in the ticket registry. > 2016-09-19 15:47:10,109 DEBUG > [org.jasig.cas.audit.spi.TicketOrCredentialPrincipalResolver] - Could not > locate ticket > [TGT-**********************************************lfaFE4hhow-<hostname>] > in the registry > 2016-09-19 15:47:10,110 DEBUG > [org.jasig.cas.audit.spi.AssertionAsReturnValuePrincipalResolver] - > Meaningful principal id could not be resolved by > [org.jasig.cas.audit.spi.AssertionAsReturnValuePrincipalResolver@4dafaeaa]. > Returning [audit:unknown]... > 2016-09-19 15:47:10,110 DEBUG > [org.jasig.cas.web.support.TGCCookieRetrievingCookieGenerator] - Removed > cookie with name [TGC] > 2016-09-19 15:47:10,110 DEBUG > [org.jasig.cas.web.WarningCookieRetrievingCookieGenerator] - Removed cookie > with name [CASPRIVACY] > 2016-09-19 15:47:10,118 DEBUG > [org.jasig.cas.services.web.RegisteredServiceThemeBasedViewResolver] - View > resolved: /WEB-INF/view/jsp/default/ui/casLogoutView.jsp > 2016-09-19 15:47:10,179 DEBUG > [org.jasig.cas.authentication.FileTrustStoreSslSocketFactory] - Connecting > socket to <hostname>/<hostip>:8444 with timeout 5000 > 2016-09-19 15:47:10,181 DEBUG > [org.jasig.cas.authentication.FileTrustStoreSslSocketFactory] - Enabled > protocols: [TLSv1, TLSv1.1, TLSv1.2] > 2016-09-19 15:47:10,181 DEBUG > [org.jasig.cas.authentication.FileTrustStoreSslSocketFactory] - Enabled > cipher suites:[TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, > TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, > TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, > TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, > TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, > TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, > TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, > TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, > TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, > TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, > TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, > TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, > TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, > TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, > TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, > SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, > TLS_EMPTY_RENEGOTIATION_INFO_SCSV] > 2016-09-19 15:47:10,181 DEBUG > [org.jasig.cas.authentication.FileTrustStoreSslSocketFactory] - Starting > handshake > 2016-09-19 15:47:10,205 DEBUG > [org.jasig.cas.authentication.FileTrustStoreSslSocketFactory] - Secure > session established > 2016-09-19 15:47:10,206 DEBUG > [org.jasig.cas.authentication.FileTrustStoreSslSocketFactory] - negotiated > protocol: TLSv1.2 > 2016-09-19 15:47:10,206 DEBUG > [org.jasig.cas.authentication.FileTrustStoreSslSocketFactory] - negotiated > cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 > 2016-09-19 15:47:10,206 DEBUG > [org.jasig.cas.authentication.FileTrustStoreSslSocketFactory] - peer > principal: CN=<hostname>, OU=HPI, O=HP, L=Bloomington, ST=MN, C=US > 2016-09-19 15:47:10,206 DEBUG > [org.jasig.cas.authentication.FileTrustStoreSslSocketFactory] - issuer > principal: CN=<hostname>, OU=HPI, O=HP, L=Bloomington, ST=MN, C=US > 2016-09-19 15:47:31,024 DEBUG [org.jasig.cas.util.CasSpringBeanJobFactory] > - Created job > org.jasig.cas.services.DefaultServicesManagerImpl$ServiceRegistryReloaderJob@4340fcf7 > > for bundle org.quartz.spi.TriggerFiredBundle@8f5988b > > -- You received this message because you are subscribed to the Google Groups "CAS Developer" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-dev+unsubscr...@apereo.org. Visit this group at https://groups.google.com/a/apereo.org/group/cas-dev/.
