JASIG CAS: single sign out not working

后端 未结 5 1870
名媛妹妹
名媛妹妹 2021-02-09 06:43

I have single sign on working beautifully, but single sign-out is not working.

The scenario is like this:

  1. Open webapp1 and get redirected to CAS login page
相关标签:
5条回答
  • 2021-02-09 07:15

    I had the same problem. We had a java and a php client. When I went to http://mycasserver/logout only the java client logged out.

    For the single sign out to work in the php client, you have to change:

    phpCAS::handleLogoutRequests();
    

    for

    phpCAS::handleLogoutRequests(false);
    

    And Voila! Refer to the documentation at phpCAS examples

    0 讨论(0)
  • 2021-02-09 07:17

    I also had another issue with standard CAS protocol, where single sign-out worked on an integration server but not from localhost.

    Scenario

    • log into both http://my-app-dev/app and http://localhost:8080/app with CAS on http://my-cas/cas
    • log out of CAS http://my-cas/cas/logout
    • http://my-app-dev/app now bounces me to CAS
    • http://localhost:8080 - still logged in!

    I suspect the reason is the CAS server couldn't send a sign-out message to localhost:8080 because localhost is resolved in the CAS server's context, so it doesn't actually talk to my local dev environment.

    0 讨论(0)
  • 2021-02-09 07:24

    I've had basically the same configuration for my application before I switched to the spring configuration. I had a look on the SVN and basically the only difference to your config is the use of the Single Sign Out Listener

    listener>
        <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
    </listener>
    

    Could this work for you? Of course don't forget to add it on both WebApps if it works.

    UPDATE: I found the description of the listener in the docs, and it should do what's missing in your setting

    0 讨论(0)
  • 2021-02-09 07:27

    You should verify that the CAS server can send a HTTP request to your webapp. Have a look in the logs of the CAS server.

    0 讨论(0)
  • 2021-02-09 07:33

    If you're using SAML 1.1 protocol be sure that you included the artifactParameterName parameter

    https://wiki.jasig.org/display/CASC/Configuring+Single+Sign+Out

    <filter>
       <filter-name>CAS Single Sign Out Filter</filter-name>
       <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
       <init-param>
          <param-name>artifactParameterName</param-name>
          <param-value>SAMLart</param-value>
       </init-param>
    </filter>
    
    0 讨论(0)
提交回复
热议问题