chlarno

Reputation: 101

Jasig CAS Single Sign Out - Logout

I'm currently running tests with CAS server 3.5.2 and I'm facing problems with logout. My knowledge of these topics is limited and I can't get any further on this point.

I installed a CAS server and I've got 2 instances of the same Java application that point to that CAS server (apologies if I don't use the adequate terms). So, when I access the protected resources of my client application, I'm redirected to the CAS login page, I check in my DB whether the credentials are OK, and then I access the resource. Then, if I access the same protected resource from the second instance of the client application, I'm not redirected to the login page. That's perfect.

The problem is with the logout. To log out, I first execute a session.invalidate() and then access the CAS logout page. That works because, in the application I logged out from, I must log in again to access the protected resources. On the other hand, the second application remains connected and I can access the protected resources without logging in again. Well, I know that session.invalidate() is local to the first application, but I thought the CAS server would have "broadcast" the disconnection to the other application, but no.

Can somebody share their experience with single sign out?

Upvotes: 1

Views: 1340

Answers (2)

chlarno

Reputation: 101

Finally I solved it... In web.xml, the order of the filters is important. The filters for Single Sign Out must be placed at the beginning. See this section: https://wiki.jasig.org/display/CASC/CAS+Client+for+Java+3.1#CASClientforJava3.1-OrderofRequiredFilters

Upvotes: 0
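An added example (not part of either answer, and not code from the CAS client project): a Python check for the filter order described in the answer above, run over constructed web.xml samples. The class names are those of the Jasig CAS Java client 3.x; `check_slo_order` and `sample_web_xml` are hypothetical helper names.

```python
import xml.etree.ElementTree as ET

PKG = "org.jasig.cas.client."
SLO_FILTER = PKG + "session.SingleSignOutFilter"
SLO_LISTENER = PKG + "session.SingleSignOutHttpSessionListener"

def _kids(elem, name):
    # Match on local name so the check works with or without a web-app namespace.
    return [c for c in elem if c.tag.rsplit("}", 1)[-1] == name]

def _text(elem, name):
    found = _kids(elem, name)
    return (found[0].text or "").strip() if found else ""

def check_slo_order(web_xml):
    """Return a list of problems; an empty list means the sign-out wiring looks right."""
    root = ET.fromstring(web_xml)
    problems = []
    if SLO_LISTENER not in {_text(l, "listener-class") for l in _kids(root, "listener")}:
        problems.append("SingleSignOutHttpSessionListener is not registered")
    classes = {_text(f, "filter-name"): _text(f, "filter-class") for f in _kids(root, "filter")}
    # The container builds the chain in <filter-mapping> order, not <filter> order.
    chain = [classes.get(_text(m, "filter-name"), "") for m in _kids(root, "filter-mapping")]
    cas = [c for c in chain if c.startswith(PKG)]
    if SLO_FILTER not in cas:
        problems.append("SingleSignOutFilter has no filter-mapping")
    elif cas[0] != SLO_FILTER:
        problems.append("SingleSignOutFilter is mapped after " + cas[0].rsplit(".", 1)[-1])
    return problems

def sample_web_xml(order, listener=True):
    """Build a constructed web.xml whose CAS filters are mapped in `order`."""
    sub = {"SingleSignOutFilter": "session.", "AuthenticationFilter": "authentication.",
           "Cas20ProxyReceivingTicketValidationFilter": "validation."}
    out = ['<web-app xmlns="http://java.sun.com/xml/ns/javaee">']
    if listener:
        out.append("<listener><listener-class>" + SLO_LISTENER + "</listener-class></listener>")
    for n in order:
        out.append("<filter><filter-name>" + n + "</filter-name><filter-class>"
                   + PKG + sub[n] + n + "</filter-class></filter>")
    for n in order:
        out.append("<filter-mapping><filter-name>" + n + "</filter-name>"
                   "<url-pattern>/*</url-pattern></filter-mapping>")
    return "\n".join(out + ["</web-app>"])

if __name__ == "__main__":
    late = ["AuthenticationFilter", "Cas20ProxyReceivingTicketValidationFilter", "SingleSignOutFilter"]
    print(check_slo_order(sample_web_xml(late)))                  # sign-out filter mapped last
    print(check_slo_order(sample_web_xml(late[-1:] + late[:-1]))) # sign-out filter mapped first
```

The check looks only at CAS client filters, so an unrelated filter mapped ahead of them does not raise a finding.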

ripineros

Reputation: 56

First make sure that SSO is enabled in the CAS properties file; if not, make sure the SSO Listener is enabled in the clients. If they are enabled, then my guess would be that the issue is in either the LogoutManagerImpl.java or SamlCompliantLogoutMessageCreator.java file.

The SSO in CAS is performed through the back-channel by transmitting a SAML XML message. I had an issue with the SSO function last year, only to find out that the XML message being broadcast had an error that prevented it from being parsed.

Upvotes: 1
