gpt4 book ai didi

spring - JASIG CAS : single sign out not working

转载 作者:行者123 更新时间:2023-12-03 21:47:59 25 4
gpt4 key购买 nike

我的单点登录效果很好,但单点注销不起作用。

场景是这样的:

  • 打开 webapp1 并重定向到 CAS 登录页面
  • 输入详细信息并登录
  • 打开同样使用 CAS 的 webapp2。自动登录,因为用户已经登录。
  • 退出 webapp1
  • 尝试打开 webapp1 或 webapp2(在另一个选项卡中)会将您重定向回登录页面。
  • 但是,步骤 3 中与 webapp2 的 session 并未关闭,用户仍然可以毫无问题地使用该应用程序。用户注销时如何自动使 session 无效?

  • 两个应用程序的注销按钮首先调用 session.invalidate()然后重定向到 https://localhost:8443/cas/logout
    单点注销过滤器是 web.xml 文件中的第一个过滤器。我也有 SingleSignOutHttpSessionListener在 web.xml 中。

    以下是我的 web.xml 的摘录
    <!-- CAS settings -->
    <!-- Use filter init-param if your container does not support context params.
    CAS Authentication Filter and CAS Validation Filter need a serverName init-param
    in lieu of a context-param definition. -->
    <context-param>
    <param-name>serverName</param-name>
    <param-value>https://localhost:8443</param-value>
    </context-param>

    <!-- Facilitates CAS single sign-out -->
    <listener>
    <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
    </listener>

    <!--
    CAS client filters
    Single sign-out filter MUST come first since it needs to be evaluated
    before other filters.
    -->
    <filter>
    <filter-name>CAS Single Sign Out Filter</filter-name>
    <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
    </filter>

    <filter>
    <filter-name>CAS Authentication Filter</filter-name>
    <!--
    IMPORTANT:
    Use Saml11AuthenticationFilter for version 3.1.12 and later.
    Use org.jasig.cas.client.authentication.AuthenticationFilter for previous
    versions.
    -->
    <filter-class>
    org.jasig.cas.client.authentication.Saml11AuthenticationFilter</filter-class>
    <init-param>
    <param-name>casServerLoginUrl</param-name>
    <param-value>https://localhost:8443/cas/login</param-value>
    </init-param>
    <init-param>
    <param-name>service</param-name>
    <param-value>https://localhost:8443/JAdaptiv/default.action</param-value>
    </init-param>
    </filter>

    <filter>
    <filter-name>CAS Validation Filter</filter-name>
    <filter-class>
    org.jasig.cas.client.validation.Saml11TicketValidationFilter</filter-class>
    <init-param>
    <param-name>casServerUrlPrefix</param-name>
    <param-value>https://localhost:8443/cas</param-value>
    </init-param>
    <init-param>
    <param-name>redirectAfterValidation</param-name>
    <param-value>true</param-value>
    </init-param>
    <init-param>
    <!-- Leniency of time checking in ms when validating SAML assertions. Consider
    setting this parameter more liberally if you anticipate system clock drift
    on your application servers relative to the CAS server. The default is 1000
    (1s) and at least one person had problems with drift at that small a tolerance
    value. A good approach is to start low and then increase by 1000 as needed
    until problems stop. Note that increasing this value may have negative security
    implications. Consider fixing clock drift problems as an alternative. -->
    <param-name>tolerance</param-name>
    <param-value>1000</param-value>
    </init-param>
    </filter>

    <filter>
    <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
    <filter-class>
    org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
    </filter>

    <filter>
    <filter-name>CAS Assertion Thread Local Filter</filter-name>
    <filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class>
    </filter>

    <filter-mapping>
    <filter-name>CAS Single Sign Out Filter</filter-name>
    <url-pattern>/*</url-pattern>
    </filter-mapping>

    <filter-mapping>
    <filter-name>CAS Authentication Filter</filter-name>
    <url-pattern>/*</url-pattern>
    </filter-mapping>

    <filter-mapping>
    <filter-name>CAS Validation Filter</filter-name>
    <url-pattern>/*</url-pattern>
    </filter-mapping>

    <filter-mapping>
    <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
    <url-pattern>/*</url-pattern>
    </filter-mapping>

    <filter-mapping>
    <filter-name>CAS Assertion Thread Local Filter</filter-name>
    <url-pattern>/*</url-pattern>
    </filter-mapping>

    最佳答案

    我还遇到了标准 CAS 协议(protocol)的另一个问题,其中单点注销在集成服务器上工作,但不是从 localhost。

    设想

  • 登录两个 http://my-app-dev/apphttp://localhost:8080/app CAS 在 http://my-cas/cas
  • 退出 CAS http://my-cas/cas/logout
  • http://my-app-dev/app现在把我转到 CAS
  • http://localhost:8080 - 仍然登录!

  • 我怀疑原因是 CAS 服务器无法向 localhost:8080 发送注销消息。因为 localhost在 CAS 服务器的上下文中解析,因此它实际上并不与我的本地开发环境对话。

    关于spring - JASIG CAS : single sign out not working,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/6125527/

    25 4 0
    Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
    广告合作:1813099741@qq.com 6ren.com