Hi, all:

We are setting up our first Shiro-enabled application with CAS authentication. Authentication seems to work fine; however, we have two issues:

 * We want to have Single Sign out, so that when a user signs out of
   CAS, he/she is signed out of CAS and therefore all apps. Currently,
   if I log out of the application (using Shiro's logout feature), and
   then try to access one of the protected pages, browser gets
   redirected to CAS, which in turn validates and redirects to
   http://myhost/myapp/shiro-cas and then /shiro-cas redirects it to
   the requested URL of the application, so effectively the user is
   logged back in the application. Also, if the user logs out of CAS
   (visiting http://myhost/CAS/logout) its CAS session ends but the
   application session remains, so he / she can still access the
   protected areas. I set up the following on myapp web.xml:


    <filter>
        <filter-name>CAS Single Sign Out Filter</filter-name>
        <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
    </filter>

    <filter-mapping>
        <filter-name>CAS Single Sign Out Filter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <listener>
        <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
    </listener>

But it is not working. What am I missing?

 * We want to access some of the user attributes from inside our
   application. I set up CAS properties to map the attributes, setting
   this on CAS deployerConfigContext.xml

    <bean id="attributeRepository" class="org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao">
        <property name="contextSource" ref="contextSource" />
        <property name="baseDN" value="ou=People,dc=example,dc=com,dc=co" />
        <property name="requireAllQueryAttributes" value="true" />
        <property name="queryAttributeMapping">
            <map>
                <entry key="username" value="uid" />
            </map>
        </property>
        <property name="resultAttributeMapping">
            <map>
                <!-- Mapping between LDAP entry attributes (key) and Principal's (value) -->
                <entry value="Name" key="displayName" />
                <entry key="distinguishedName" value="dn" />
            </map>
        </property>
    </bean>

And then access them from inside the Shiro application like this:

AttributePrincipal principal = (AttributePrincipal)request.getUserPrincipal();
Map attributes = principal.getAttributes();

But we get an error saying we cannot cast Request to AttributePrincipal. I guess I am missing something here, too.

Any help is greatly appreciated.


--
Eduardo J. Ortega
Tel: 57+1+2553580
Cel: 57+317+4415156
Zürich
CL 72 5 83 Piso 11, Bogotá, CO.
