JASIG CAS:单点注销不起作用
|
我的单点登录工作正常,但是单点退出无效。
场景是这样的:
打开webapp1并重定向到CAS登录页面
输入详细信息并登录
打开也使用CAS的webapp2。用户已经登录,自动登录。
注销webapp1
尝试打开webapp1或webapp2(在另一个选项卡中)会将您重定向回登录页面。
但是,第3步中与webapp2的会话没有关闭,用户仍然可以使用该应用程序而没有任何问题。用户注销后,如何自动使会话无效?
这两个应用程序的注销按钮首先调用
session.invalidate()
https://localhost:8443/cas/logout
<!-- CAS settings -->
<!-- Use filter init-param if your container does not support context params.
CAS Authentication Filter and CAS Validation Filter need a serverName init-param
in lieu of a context-param definition. -->
<context-param>
<param-name>serverName</param-name>
<param-value>https://localhost:8443</param-value>
</context-param>
<!-- Facilitates CAS single sign-out -->
<listener>
<listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
</listener>
<!--
CAS client filters
Single sign-out filter MUST come first since it needs to be evaluated
before other filters.
-->
<filter>
<filter-name>CAS Single Sign Out Filter</filter-name>
<filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
</filter>
<filter>
<filter-name>CAS Authentication Filter</filter-name>
<!--
IMPORTANT:
Use Saml11AuthenticationFilter for version 3.1.12 and later.
Use org.jasig.cas.client.authentication.AuthenticationFilter for previous
versions.
-->
<filter-class>
org.jasig.cas.client.authentication.Saml11AuthenticationFilter</filter-class>
<init-param>
<param-name>casServerLoginUrl</param-name>
<param-value>https://localhost:8443/cas/login</param-value>
</init-param>
<init-param>
<param-name>service</param-name>
<param-value>https://localhost:8443/JAdaptiv/default.action</param-value>
</init-param>
</filter>
<filter>
<filter-name>CAS Validation Filter</filter-name>
<filter-class>
org.jasig.cas.client.validation.Saml11TicketValidationFilter</filter-class>
<init-param>
<param-name>casServerUrlPrefix</param-name>
<param-value>https://localhost:8443/cas</param-value>
</init-param>
<init-param>
<param-name>redirectAfterValidation</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<!-- Leniency of time checking in ms when validating SAML assertions. Consider
setting this parameter more liberally if you anticipate system clock drift
on your application servers relative to the CAS server. The default is 1000
(1s) and at least one person had problems with drift at that small a tolerance
value. A good approach is to start low and then increase by 1000 as needed
until problems stop. Note that increasing this value may have negative security
implications. Consider fixing clock drift problems as an alternative. -->
<param-name>tolerance</param-name>
<param-value>1000</param-value>
</init-param>
</filter>
<filter>
<filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
<filter-class>
org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
</filter>
<filter>
<filter-name>CAS Assertion Thread Local Filter</filter-name>
<filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>CAS Single Sign Out Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CAS Authentication Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CAS Validation Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CAS Assertion Thread Local Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
没有找到相关结果
已邀请:
5 个回复
弦砂牧扁
<filter> <filter-name>CAS Single Sign Out Filter</filter-name> <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class> <init-param> <param-name>artifactParameterName</param-name> <param-value>SAMLart</param-value> </init-param> </filter>扭湘阀柿蹄
登录和注销CAS现在将我弹回CAS-仍然登录! 我怀疑原因是CAS服务器无法向发送登出消息,因为是在CAS服务器的上下文中解决的,因此它实际上并未与我的本地开发环境对话。门锑腺潮
对于和瞧! 请参阅phpCAS示例中的文档拟僚疽刊剔
listener> <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class> </listener>渴翅吮斡撤