CAS 3.4 supports single sign-out well: it works reliably and is quite simple to configure.
In earlier versions, the CAS server did not specify POST when sending the logout message through HttpClient, so the sign-out filter in the CAS client never received a POST request and never destroyed the session.
In the current version it works as long as it is configured correctly according to the instructions on the official website.
Suppose the environment is as follows:
Two business systems, APP1 and APP2.
Without single sign-out configured, the behaviour is:
1: Log in to APP1; after CAS authentication you enter APP1.
Then access APP2: no authentication is needed.
2: In APP1, follow the link to the CAS logout address. The logout-success page is shown, but APP1 can still be accessed afterwards, because APP1 has stored the user's login ticket in its session.
With single sign-out, the behaviour should be:
1: Log in to APP1; after CAS authentication you enter APP1.
Then access APP2: no authentication is needed.
2: The user clicks Logout in APP1 or APP2 and the CAS logout-success page is shown. Visiting APP1 or APP2 afterwards requires authenticating again.
The specific configuration is as follows.
Add to the web.xml files of APP1 and APP2:
<listener>
    <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
</listener>
<filter>
    <filter-name>singleSignOutFilter</filter-name>
    <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>singleSignOutFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
The sign-out filter must be placed before the other filters.
The logout link in the application's interface points to the CAS logout address, for example http://localhost:8080/cas/logout
Done
Note: If you visit the CAS logout address directly, a logout-success page is shown. Most of the time this page is not needed; the more common requirement is to show the login page after logging out, and to return to the previous business system after a successful login. To do this, modify the cas-servlet.xml file: add the attribute "followServiceRedirects" to the "logoutController" bean configuration and set it to "true", then add the "service" parameter to the logout URL, with the absolute URL of the business system as its value. For example, if your business system URL is http://localhost:8080/casClient, then the logout URL is http://localhost:8080/cas/logout?service=http://localhost:8080/casClient
<bean id="logoutController" class="org.jasig.cas.web.LogoutController"
    p:centralAuthenticationService-ref="centralAuthenticationService"
    p:logoutView="casLogoutView"
    p:warnCookieGenerator-ref="warnCookieGenerator"
    p:ticketGrantingTicketCookieGenerator-ref="ticketGrantingTicketCookieGenerator"
    p:followServiceRedirects="true"
/>
Logout button:
<a href="http://localhost:8080/cas/logout?service=http://localhost:8080/casClient">Logoff</a>
Reprinted from: CAS 3.4 Single point exit detail configuration (configuring one Sign out)