CAS and Shiro: the problem of single sign-on not logging out

Source: Internet
Author: User
Tags: cas

CAS 3.4 supports single sign-out well: it works reliably and the configuration is quite simple.

In previous versions, the CAS server did not specify POST when sending the logout message through HttpClient, so the sign-out filter of the CAS client never received a POST request and no session was destroyed.

With the current version, it works as long as it is configured correctly according to the instructions on the official website.

Suppose the environment is as follows:

Two business systems, APP1 and APP2.

When single sign-out is not configured, the behavior is this:

1: Log in to APP1; after CAS authentication you enter APP1.

Accessing APP2 afterwards requires no further authentication.

2: From APP1, follow the link to the CAS logout address. The logout success page is displayed, but you can still get into APP1 afterwards, because APP1 stored the user's login ticket in its session.

With single sign-out, the behavior should be this:

1: Log in to APP1; after CAS authentication you enter APP1.

Accessing APP2 afterwards requires no further authentication.

2: The user clicks Logout in APP1 or APP2, the CAS logout success page is displayed, and visiting APP1 or APP2 afterwards requires authentication again.

The specific configuration is:

Add the following to the web.xml files of APP1 and APP2:

	<listener>
		<listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
	</listener>
	<filter>
		<filter-name>singleSignOutFilter</filter-name>
		<filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
	</filter>
	<filter-mapping>
		<filter-name>singleSignOutFilter</filter-name>
		<url-pattern>/*</url-pattern>
	</filter-mapping>


The sign-out filter must be placed before all other filters.

The logout link in the application's interface points to the CAS logout address, such as http://localhost:8080/cas/logout

Done
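The configuration steps above can be checked mechanically. The following is an added example, not code from the original article or the CAS project: a Python check that a web.xml registers the listener and filter under their exact, case-sensitive class names and maps the sign-out filter before any other filter. The sample descriptors are constructed, `authFilter` and `com.example.AuthFilter` are hypothetical, and the check assumes filters are declared only in web.xml.

```python
import xml.etree.ElementTree as ET

SSO_FILTER = "org.jasig.cas.client.session.SingleSignOutFilter"
SSO_LISTENER = "org.jasig.cas.client.session.SingleSignOutHttpSessionListener"

def _kids(elem, name):
    # Match on local name so a namespaced web.xml (xmlns=...) also works.
    return [c for c in elem if c.tag.rsplit("}", 1)[-1] == name]

def _text(elem, name):
    found = _kids(elem, name)
    return (found[0].text or "").strip() if found else ""

def check_web_xml(xml_text):
    """Return a list of single sign-out problems; an empty list means OK."""
    root = ET.fromstring(xml_text)
    problems = []
    if SSO_LISTENER not in [_text(l, "listener-class") for l in _kids(root, "listener")]:
        problems.append("SingleSignOutHttpSessionListener is not registered")
    names = [_text(f, "filter-name") for f in _kids(root, "filter")
             if _text(f, "filter-class") == SSO_FILTER]
    if not names:
        return problems + ["SingleSignOutFilter is not declared"]
    # Filters run in <filter-mapping> order, so the sign-out mapping must be first.
    mapped = [_text(m, "filter-name") for m in _kids(root, "filter-mapping")]
    if names[0] not in mapped:
        problems.append("no filter-mapping for '%s'" % names[0])
    elif mapped[0] != names[0]:
        problems.append("'%s' is mapped before the sign-out filter" % mapped[0])
    return problems

def _web_xml(listener, filters, mappings):
    # Build a constructed web.xml from (name, class) pairs and mapping names.
    out = ["<web-app>", "<listener><listener-class>%s</listener-class></listener>" % listener]
    out += ["<filter><filter-name>%s</filter-name><filter-class>%s</filter-class></filter>" % f
            for f in filters]
    out += ["<filter-mapping><filter-name>%s</filter-name><url-pattern>/*</url-pattern>"
            "</filter-mapping>" % m for m in mappings]
    return "\n".join(out + ["</web-app>"])

# Constructed samples; "authFilter" / com.example.AuthFilter are hypothetical.
FILTERS = [("authFilter", "com.example.AuthFilter"), ("singleSignOutFilter", SSO_FILTER)]
GOOD = _web_xml(SSO_LISTENER, FILTERS, ["singleSignOutFilter", "authFilter"])
LATE = _web_xml(SSO_LISTENER, FILTERS, ["authFilter", "singleSignOutFilter"])
MISNAMED = _web_xml(SSO_LISTENER.lower(), FILTERS, ["authFilter", "singlesignoutfilter"])

if __name__ == "__main__":
    for label, doc in (("GOOD", GOOD), ("LATE", LATE), ("MISNAMED", MISNAMED)):
        print(label, check_web_xml(doc) or "OK")
```

A descriptor that fails the ordering check leaves the application session alive after CAS logout, which is the symptom described at the start of this article.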

Note: If you visit the CAS logout address directly, a logout success page is displayed. Most of the time this page is not needed. The more common requirement is to show the login page after logging out, so that a successful login returns the user to the previous business system. To get this, modify the cas-servlet.xml file: add the attribute "followServiceRedirects" to the "logoutController" bean configuration and set it to "true", then add a "service" parameter to the logout URL whose value is the absolute URL of the business system. For example, if your business system URL is http://localhost:8080/casClient, the logout URL is http://localhost:8080/cas/logout?service=http://localhost:8080/casClient

<bean id="logoutController" class="org.jasig.cas.web.LogoutController"
p:centralAuthenticationService-ref="centralAuthenticationService"
p:logoutView="casLogoutView"
p:warnCookieGenerator-ref="warnCookieGenerator"
p:ticketGrantingTicketCookieGenerator-ref="ticketGrantingTicketCookieGenerator"
p:followServiceRedirects="true"
/>

Logout button:

<a href="http://localhost:8080/cas/logout?service=http://localhost:8080/casClient">Logoff</a>

Reprinted from: CAS 3.4 Single point exit detail configuration (configuring one Sign out)
