发表新帖
发表新帖

JASIG CAS: single sign out not working

后端 未结
关注
5 1863
名媛妹妹
名媛妹妹 2021-02-09 06:43

I have single sign on working beautifully, but single sign-out is not working.

The scenario is like this:

  1. Open webapp1 and get redirected to CAS login page
相关标签:
5条回答
  • 悲哀的现实
    2021-02-09 07:15

    I had the same problem. We had a java and a php client. When I went to http://mycasserver/logout only the java client logged out.

    For the single sign out to work in the php client, you have to change:

    phpCAS::handleLogoutRequests();

    for

    phpCAS::handleLogoutRequests(false);

    And Voila! Refer to the documentation at phpCAS examples

    0 讨论(0)
  • 感动是毒
    2021-02-09 07:17

    I also had another issue with standard CAS protocol, where single sign-out worked on an integration server but not from localhost.

    Scenario

    • log into both http://my-app-dev/app and http://localhost:8080/app with CAS on http://my-cas/cas
    • log out of CAS http://my-cas/cas/logout
    • http://my-app-dev/app now bounces me to CAS
    • http://localhost:8080 - still logged in!

    I suspect the reason is the CAS server couldn't send a sign-out message to localhost:8080 because localhost is resolved in the CAS server's context, so it doesn't actually talk to my local dev environment.

    0 讨论(0)
  • 既然无缘
    2021-02-09 07:24

    I've had basically the same configuration for my application before I switched to the spring configuration. I had a look on the SVN and basically the only difference to your config is the use of the Single Sign Out Listener

    listener>
    <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
</listener>

    Could this work for you? Of course don't forget to add it on both WebApps if it works.

    UPDATE: I found the description of the listener in the docs, and it should do what's missing in your setting

    0 讨论(0)
  • 傲寒
    2021-02-09 07:27

    You should verify that the CAS server can send a HTTP request to your webapp. Have a look in the logs of the CAS server.

    0 讨论(0)
  • 没有蜡笔的小新
    2021-02-09 07:33

    If you're using SAML 1.1 protocol be sure that you included the artifactParameterName parameter

    https://wiki.jasig.org/display/CASC/Configuring+Single+Sign+Out

    <filter>
   <filter-name>CAS Single Sign Out Filter</filter-name>
   <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
   <init-param>
      <param-name>artifactParameterName</param-name>
      <param-value>SAMLart</param-value>
   </init-param>
</filter>
    0 讨论(0)
 看不清?
提交回复
热议问题