Hi, I am trying to create a Spring Boot service for centralized authentication, so that any login service can authenticate at the server level and it provides a token for the login services. How do I create the server service and client service for a login page? Please help with that.
On Thu, Jun 9, 2016 at 9:20 PM, Jonathan Labin <[email protected]> wrote:

> My web.xml:
>
>     <filter>
>         <filter-name>CAS Single Sign Out Filter</filter-name>
>         <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
>         <init-param>
>             <param-name>casServerUrlPrefix</param-name>
>             <param-value>http://mycasserver</param-value>
>         </init-param>
>     </filter>
>     <filter-mapping>
>         <filter-name>CAS Single Sign Out Filter</filter-name>
>         <url-pattern>/*</url-pattern>
>     </filter-mapping>
>     <listener>
>         <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
>     </listener>
>     <listener>
>         <listener-class>org.apache.shiro.web.env.EnvironmentLoaderListener</listener-class>
>     </listener>
>
>     <context-param>
>         <param-name>shiroConfigLocations</param-name>
>         <param-value>/WEB-INF/shiro/shiro.ini</param-value>
>     </context-param>
>
>     <filter>
>         <filter-name>ShiroFilter</filter-name>
>         <filter-class>org.apache.shiro.web.servlet.ShiroFilter</filter-class>
>     </filter>
>
>     <filter-mapping>
>         <filter-name>ShiroFilter</filter-name>
>         <url-pattern>/*</url-pattern>
>         <dispatcher>REQUEST</dispatcher>
>         <dispatcher>FORWARD</dispatcher>
>         <dispatcher>INCLUDE</dispatcher>
>         <dispatcher>ERROR</dispatcher>
>     </filter-mapping>
>
>     <welcome-file-list>
>         <welcome-file>index.jsp</welcome-file>
>     </welcome-file-list>
>
> I hope that helps
>
> On Monday, May 30, 2016 at 3:24:02 AM UTC-4, Sankalp Sharma wrote:
>>
>> Hi Jonathan,
>>
>> I am having the same problem as you had but even after ordering the
>> web.xml as you described, I am still stuck with the error.
>>
>> I have debugged the cas java client code to find why Single Logout is not
>> working and found out that cas-server is sending the Logout
>> request (BACK_CHANNEL) to each application but some java clients are unable
>> to handle it and there is no error in the logs.
>>
>> Please provide a solution, and can you please post your application's
>> web.xml for better understanding? It will be very helpful if you can
>> have a look at this page:
>>
>> https://groups.google.com/a/apereo.org/forum/#!searchin/cas-user/single$20logout/cas-user/Tn1kPEOFvAY/sESb-nI3BAAJ
>>
>> Regards,
>> Sankalp
>>
>> On Wednesday, January 13, 2016 at 6:51:25 PM UTC+5:30, Jonathan Labin wrote:
>>>
>>> It looks like my web.xml was out of order. I collected all of the SLO
>>> elements first (filter, filter-mapping, and listener), all of the
>>> authentication elements next, and finally all of the validation elements at
>>> the end. After doing that SLO seems to work as one might hope.
>>>
>>> So is the statement from the Jasig/java-cas-client Recommended Logout
>>> Procedure
>>> <https://github.com/Jasig/java-cas-client#recommend-logout-procedure>
>>> untrue?
>>>
>>>> The client has no code to help you handle log out. The client merely
>>>> places objects in session. Therefore, we recommend you do a
>>>> session.invalidate() call when you log a user out. However, that's
>>>> entirely your application's responsibility.
>>>
>>> It seems that it does end the session on receipt of a SLO message from
>>> the CAS server. Or am I still confused about what is happening?
>>>
>>> On Monday, January 11, 2016 at 1:36:34 PM UTC-5, Misagh Moayyed wrote:
>>>>
>>>> No, there is. That is the configuration you have. Cookies are not
>>>> deleted, yes, but your session is gone which is mostly what you care about.
>>>>
>>>> If you are not seeing SLO, look into your logs and see what is
>>>> happening.
>>>>
>>>> *From:* Jonathan Labin [mailto:[email protected]]
>>>> *Sent:* Monday, January 11, 2016 11:29 AM
>>>> *To:* CAS Community <[email protected]>
>>>> *Cc:* [email protected]
>>>> *Subject:* Re: [cas-user] Re: Help with SLO and Java Web Client
>>>>
>>>> Thanks for the advice.
>>>>
>>>> I'm not trying to bypass the nuances of SLO. I'm trying to find out if
>>>> there is any way to enable SLO in a simple cookies-based webapp (like the
>>>> sample provided by UniconLabs
>>>> <https://github.com/UniconLabs/cas-sample-java-webapp>).
>>>>
>>>> It sounds like there is not and I'll have to use one of the compatible
>>>> security frameworks like Shiro or Spring Security.
>>>>
>>>> On Monday, January 11, 2016 at 11:13:19 AM UTC-5, Misagh Moayyed wrote:
>>>>
>>>> Your SLO filter is designed to do just that. It grabs onto the request,
>>>> examines it and if it considers it an SLO request it will attempt to
>>>> terminate the session. It also does nothing with cookies, if I recall.
>>>> There are no other flags. I guess what you are trying to do is advise the
>>>> webapp to log itself out on the next try, so as to preserve the current
>>>> user session so as to lose any work? In that case, why don’t you just turn
>>>> SLO off? What does SLO mean at that point?
>>>>
>>>> At any rate, I don’t know of a sane way you could manage/implement what
>>>> you propose, unless you wrote your filter that set that flag and did its
>>>> own thing with the session, and even then, I am not sure you can fully get
>>>> there. Way too many variables can go wrong.
>>>>
>>>> If you are trying to bypass the nuances of SLO, you won’t be able to.
>>>> You either accept SLO as is, or you turn it off and let the app do its own
>>>> thing separate from the CAS SSO session. I dare say the latter is more
>>>> common.
>>>>
>>>> *From:* [email protected] [mailto:[email protected]] *On Behalf Of* Jonathan Labin
>>>> *Sent:* Monday, January 11, 2016 8:11 AM
>>>> *To:* CAS Community <[email protected]>
>>>> *Subject:* [cas-user] Re: Help with SLO and Java Web Client
>>>>
>>>> To simplify the question:
>>>>
>>>> Is there no way to write a webapp to respond to the logout callback by
>>>> setting some flag? Then on the next access by the client browser this flag
>>>> could be noticed and the session terminated (along with cookies)?
>>>>
>>>> Is this approach inadvisable or not possible for some reason?
>>>>
>>>> Thanks
>>>>
>>>> On Tuesday, January 5, 2016 at 11:33:54 AM UTC-5, Jonathan Labin wrote:
>>>>
>>>> I am having trouble with the single log out feature. I am using
>>>> CAS server 4.1.3 and client web apps based on the sample provided by
>>>> UniconLabs <https://github.com/UniconLabs/cas-sample-java-webapp>.
>>>> After modification according to the java client readme
>>>> <https://github.com/Jasig/java-cas-client#configuring-single-sign-out>:
>>>>
>>>>     <?xml version="1.0" encoding="UTF-8"?>
>>>>     <web-app version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee"
>>>>              xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>>>>              xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
>>>>         <filter>
>>>>             <filter-name>CAS Single Sign Out Filter</filter-name>
>>>>             <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
>>>>             <!-- <init-param>
>>>>                 <param-name>casServerUrlPrefix</param-name>
>>>>                 <param-value>https://localhost:8181/cas</param-value>
>>>>             </init-param> -->
>>>>         </filter>
>>>>         <filter>
>>>>             <filter-name>CAS Authentication Filter</filter-name>
>>>>             <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
>>>>             <init-param>
>>>>                 <param-name>casServerLoginUrl</param-name>
>>>>                 <param-value>https://localhost:8181/cas/login</param-value>
>>>>             </init-param>
>>>>             <init-param>
>>>>                 <param-name>serverName</param-name>
>>>>                 <param-value>https://localhost:8181</param-value>
>>>>             </init-param>
>>>>         </filter>
>>>>
>>>>         <filter>
>>>>             <filter-name>CAS Validation Filter</filter-name>
>>>>             <filter-class>org.jasig.cas.client.validation.Cas30ProxyReceivingTicketValidationFilter</filter-class>
>>>>             <init-param>
>>>>                 <param-name>casServerUrlPrefix</param-name>
>>>>                 <param-value>https://localhost:8181/cas</param-value>
>>>>             </init-param>
>>>>             <init-param>
>>>>                 <param-name>serverName</param-name>
>>>>                 <param-value>https://localhost:8181</param-value>
>>>>             </init-param>
>>>>             <init-param>
>>>>                 <param-name>redirectAfterValidation</param-name>
>>>>                 <param-value>true</param-value>
>>>>             </init-param>
>>>>             <init-param>
>>>>                 <param-name>useSession</param-name>
>>>>                 <param-value>true</param-value>
>>>>             </init-param>
>>>>             <!-- <init-param>
>>>>                 <param-name>acceptAnyProxy</param-name>
>>>>                 <param-value>true</param-value>
>>>>             </init-param>
>>>>             <init-param>
>>>>                 <param-name>proxyReceptorUrl</param-name>
>>>>                 <param-value>/cas-sample-java-webapp/proxyUrl</param-value>
>>>>             </init-param>
>>>>             <init-param>
>>>>                 <param-name>proxyCallbackUrl</param-name>
>>>>                 <param-value>https://localhost:8181/cas-sample-java-webapp/proxyUrl</param-value>
>>>>             </init-param> -->
>>>>         </filter>
>>>>         <filter>
>>>>             <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
>>>>             <filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
>>>>         </filter>
>>>>
>>>>         <filter-mapping>
>>>>             <filter-name>CAS Validation Filter</filter-name>
>>>>             <url-pattern>/*</url-pattern>
>>>>         </filter-mapping>
>>>>
>>>>         <filter-mapping>
>>>>             <filter-name>CAS Authentication Filter</filter-name>
>>>>             <url-pattern>/*</url-pattern>
>>>>         </filter-mapping>
>>>>
>>>>         <filter-mapping>
>>>>             <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
>>>>             <url-pattern>/*</url-pattern>
>>>>         </filter-mapping>
>>>>
>>>>         <filter-mapping>
>>>>             <filter-name>CAS Single Sign Out Filter</filter-name>
>>>>             <url-pattern>/*</url-pattern>
>>>>         </filter-mapping>
>>>>
>>>>         <listener>
>>>>             <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
>>>>         </listener>
>>>>
>>>>         <welcome-file-list>
>>>>             <welcome-file>
>>>>                 index.jsp
>>>>             </welcome-file>
>>>>         </welcome-file-list>
>>>>     </web-app>
>>>>
>>>> I can successfully log in to the web application through CAS
>>>> authentication.
>>>>
>>>> When I log out at CAS server in another tab using:
>>>> https://localhost:8181/cas/logout I receive confirmation that logout
>>>> was successful.
>>>>
>>>> The server log shows:
>>>>
>>>>     2016-01-05T11:18:41.635-0500|Info: 2016-01-05 11:18:41,635 DEBUG
>>>>     [org.jasig.cas.CentralAuthenticationServiceImpl] - <Ticket found.
>>>>     Processing logout requests and then deleting the ticket...>
>>>>
>>>>     2016-01-05T11:18:41.636-0500|Info: 2016-01-05 11:18:41,636 DEBUG
>>>>     [org.jasig.cas.logout.SamlCompliantLogoutMessageCreator] - <Generated
>>>>     logout message: [<samlp:LogoutRequest
>>>>     xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
>>>>     ID="LR-4-0sROBuPSyWPSs5z6tVOVXxCFjnejqH9jrbs" Version="2.0"
>>>>     IssueInstant="2016-01-05T11:18:41Z"><saml:NameID
>>>>     xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">@NOT_USED@
>>>>     </saml:NameID><samlp:SessionIndex>
>>>>     ST-5-7pGNgBnwf4JGqmJY7era-mycastest.myorg.org
>>>>     </samlp:SessionIndex></samlp:LogoutRequest>]>
>>>>
>>>>     2016-01-05T11:18:41.636-0500|Info: 2016-01-05 11:18:41,636 DEBUG
>>>>     [org.jasig.cas.logout.LogoutManagerImpl] - <Sending logout request for: [
>>>>     https://localhost:8181/cas-sample-java-webapp-2/]>
>>>>
>>>>     2016-01-05T11:18:41.636-0500|Info: 2016-01-05 11:18:41,636 DEBUG
>>>>     [org.jasig.cas.logout.LogoutManagerImpl] - <Prepared logout message to send
>>>>     is [org.jasig.cas.logout.LogoutManagerImpl$LogoutHttpMessage@46569bda
>>>>     [url=https://localhost:8181/cas-sample-java-webapp-2/,message=<samlp:LogoutRequest
>>>>     xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
>>>>     ID="LR-4-0sROBuPSyWPSs5z6tVOVXxCFjnejqH9jrbs" Version="2.0"
>>>>     IssueInstant="2016-01-05T11:18:41Z"><saml:NameID
>>>>     xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">@NOT_USED@
>>>>     </saml:NameID><samlp:SessionIndex>
>>>>     ST-5-7pGNgBnwf4JGqmJY7era-mycastest.myorg.org
>>>>     </samlp:SessionIndex></samlp:LogoutRequest>,asynchronous=true,contentType=application/x-www-form-urlencoded]]>
>>>>
>>>>     2016-01-05T11:18:41.638-0500|Info: 2016-01-05 11:18:41,638 DEBUG
>>>>     [org.jasig.cas.logout.LogoutManagerImpl] - <Captured logout request
>>>>     [org.jasig.cas.logout.DefaultLogoutRequest@479d1dbc[ticketId=
>>>>     ST-5-7pGNgBnwf4JGqmJY7era-mycastest.myorg.org,service=
>>>>     https://localhost:8181/cas-sample-java-webapp-2/,status=SUCCESS]]>
>>>>
>>>>     2016-01-05T11:18:41.638-0500|Info: 2016-01-05 11:18:41,638 DEBUG
>>>>     [org.jasig.cas.logout.SamlCompliantLogoutMessageCreator] - <Generated
>>>>     logout message: [<samlp:LogoutRequest
>>>>     xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
>>>>     ID="LR-5-uiOMuNVN2F9ENMiORMqhGn02bWrL6u5NKZf" Version="2.0"
>>>>     IssueInstant="2016-01-05T11:18:41Z"><saml:NameID
>>>>     xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">@NOT_USED@
>>>>     </saml:NameID><samlp:SessionIndex>
>>>>     ST-4-1m5RMx43NhaU2wreOvbp-mycastest.myorg.org
>>>>     </samlp:SessionIndex></samlp:LogoutRequest>]>
>>>>
>>>>     2016-01-05T11:18:41.639-0500|Info: 2016-01-05 11:18:41,638 DEBUG
>>>>     [org.jasig.cas.logout.LogoutManagerImpl] - <Sending logout request for: [
>>>>     https://localhost:8181/cas-sample-java-webapp-1/]>
>>>>
>>>>     2016-01-05T11:18:41.639-0500|Info: 2016-01-05 11:18:41,639 DEBUG
>>>>     [org.jasig.cas.logout.LogoutManagerImpl] - <Prepared logout message to send
>>>>     is [org.jasig.cas.logout.LogoutManagerImpl$LogoutHttpMessage@5601d15a
>>>>     [url=https://localhost:8181/cas-sample-java-webapp-1/,message=<samlp:LogoutRequest
>>>>     xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
>>>>     ID="LR-5-uiOMuNVN2F9ENMiORMqhGn02bWrL6u5NKZf" Version="2.0"
>>>>     IssueInstant="2016-01-05T11:18:41Z"><saml:NameID
>>>>     xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">@NOT_USED@
>>>>     </saml:NameID><samlp:SessionIndex>
>>>>     ST-4-1m5RMx43NhaU2wreOvbp-mycastest.myorg.org
>>>>     </samlp:SessionIndex></samlp:LogoutRequest>,asynchronous=true,contentType=application/x-www-form-urlencoded]]>
>>>>
>>>>     2016-01-05T11:18:41.641-0500|Info: 2016-01-05 11:18:41,641 DEBUG
>>>>     [org.jasig.cas.logout.LogoutManagerImpl] - <Captured logout request
>>>>     [org.jasig.cas.logout.DefaultLogoutRequest@2b711a3c[ticketId=
>>>>     ST-4-1m5RMx43NhaU2wreOvbp-mycastest.myorg.org,service=
>>>>     https://localhost:8181/cas-sample-java-webapp-1/,status=SUCCESS]]>
>>>>
>>>> and then to complete the TICKET_GRANTING_TICKET_DESTROYED action.
>>>>
>>>> I'm not exactly sure what I'm looking for but a few things stand out.
>>>>
>>>> 1) I see that the chain for logout of each client webapp ends with the
>>>> term status=SUCCESS. Is that indicative of a successful logout or simply
>>>> that the POST was made?
>>>>
>>>> 2) There are a number of places where SAML shows up in that log
>>>> segment. Does that mean I need to run the SAML protocol on my client? If
>>>> so, is that in addition to or in replacement of the CAS ticket validation
>>>> filter or are those unrelated?
>>>>
>>>> After the logout I am still able to navigate the test client
>>>> application(s) so the session has not been ended.
>>>>
>>>> Assuming that my configuration of server and client are correct (may
>>>> not be true), what should my application do to correctly respond to the SLO
>>>> protocol?
>>>>
>>>> I see the line in the client documentation stating:
>>>>
>>>> The client has no code to help you handle log out. The client merely
>>>> places objects in session.
>>>>
>>>> but what objects are placed into the session and how should the client
>>>> be written to recognize these objects and perform a session invalidation on
>>>> the next access attempt?
>>>>
>>>> Are there any simple examples of a web client that appropriately
>>>> responds to the SLO protocol?
>>>>
>>>> ...
>>>
> --
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> To post to this group, send email to [email protected].
> Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/.
> To view this discussion on the web visit
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/66713d94-d1a6-4fc4-aef5-482df50978d2%40apereo.org
> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/66713d94-d1a6-4fc4-aef5-482df50978d2%40apereo.org?utm_medium=email&utm_source=footer>.
> For more options, visit https://groups.google.com/a/apereo.org/d/optout.
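
An added example, not part of the thread or of the java-cas-client project: a small Python check for the ordering problem resolved above, relying on the servlet rule that `url-pattern` filter mappings are chained in the order they appear in web.xml. The descriptor produced by `build_web_xml` is constructed sample input that reuses the filter names and classes from the posted web.xml; the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

CAS = "org.jasig.cas.client."
SLO_FILTER = CAS + "session.SingleSignOutFilter"
SLO_LISTENER = CAS + "session.SingleSignOutHttpSessionListener"
FILTERS = {  # filter-name -> filter-class, names as used in the thread's web.xml
    "CAS Single Sign Out Filter": SLO_FILTER,
    "CAS Authentication Filter": CAS + "authentication.AuthenticationFilter",
    "CAS Validation Filter": CAS + "validation.Cas30ProxyReceivingTicketValidationFilter",
    "CAS HttpServletRequest Wrapper Filter": CAS + "util.HttpServletRequestWrapperFilter",
}
THREAD_ORDER = ["CAS Validation Filter", "CAS Authentication Filter",
                "CAS HttpServletRequest Wrapper Filter", "CAS Single Sign Out Filter"]
FIXED_ORDER = list(FILTERS)  # SLO first, then authentication, validation, wrapper

def build_web_xml(mapping_order, with_listener=True):
    """Constructed sample descriptor: four filters, mapped in the given order."""
    xml = ['<web-app version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee">']
    xml += [f"<filter><filter-name>{n}</filter-name><filter-class>{c}</filter-class></filter>"
            for n, c in FILTERS.items()]
    xml += [f"<filter-mapping><filter-name>{n}</filter-name>"
            "<url-pattern>/*</url-pattern></filter-mapping>" for n in mapping_order]
    if with_listener:
        xml.append(f"<listener><listener-class>{SLO_LISTENER}</listener-class></listener>")
    return "\n".join(xml + ["</web-app>"])

def _kids(parent, tag):  # direct children by local name, namespace ignored
    return [e for e in parent if e.tag.rsplit("}", 1)[-1] == tag]

def _text(parent, tag):
    return "".join((e.text or "").strip() for e in _kids(parent, tag)[:1])

def check_slo_config(web_xml):
    """Return findings; an empty list means the SLO filter heads the CAS chain."""
    root = ET.fromstring(web_xml)  # web.xml is local, trusted configuration
    classes = {_text(f, "filter-name"): _text(f, "filter-class") for f in _kids(root, "filter")}
    chain = [_text(m, "filter-name") for m in _kids(root, "filter-mapping")]  # descriptor order
    slo = next((n for n, c in classes.items() if c == SLO_FILTER), None)
    if slo is None:
        return ["SingleSignOutFilter is not declared"]
    findings = []
    if slo not in chain:
        findings.append(f"'{slo}' has no filter-mapping")
    else:
        # Any CAS client filter mapped earlier sees the logout POST first.
        ahead = [n for n in chain[:chain.index(slo)]
                 if classes.get(n, "").startswith(CAS)]
        if ahead:
            findings.append(f"'{slo}' is mapped after: {', '.join(ahead)}")
    if SLO_LISTENER not in [_text(l, "listener-class") for l in _kids(root, "listener")]:
        findings.append("SingleSignOutHttpSessionListener is not registered")
    return findings

if __name__ == "__main__":
    print([check_slo_config(build_web_xml(o)) for o in (THREAD_ORDER, FIXED_ORDER)])
```

Run against a real descriptor by passing the file's contents to `check_slo_config`; it only inspects `filter`, `filter-mapping` and `listener` elements and does not evaluate `servlet-name` mappings or annotation-registered filters.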
