See https://github.com/Jasig/java-cas-client#configuring-single-sign-out and https://github.com/Jasig/java-cas-client#recommend-logout-procedure
- Misagh

> On May 25, 2015, at 3:20 PM, Gianluca Diodato <gianluca.diod...@gmail.com> wrote:
>
> Hi Misagh,
> I'm trying to log out from my app1 in this way:
>
> <li>
>   <a href="https://cassso.smartcampus.org:9443/cas/logout?service=http%3A%2F%2Fsm.campus.iit%3A8080%2FSmartMobility%2F"><i class="fa fa-power-off small"></i>Esci</a></li>
>
> but the redirect goes to my app1 homepage with the username present in
> <%=request.getRemoteUser()%>, so it seems the user is already logged in.
> Can I redirect my app1 to the CAS server login for my app1, as when I launch
> the application the first time?
>
> If I use the auto-login method it works: the user is logged out and redirected
> to the login form with a blank textbox, and the messages from the CAS server are OK.
>
> Best
> Gianluca
>
> On Wednesday, May 20, 2015 at 17:28:32 UTC+2, Misagh Moayyed wrote:
>
> - Enable SLO for the CAS server.
> - Optionally, log out of app 1
> - Issue a request to log out of CAS with /cas/logout, provide a parameter
>   that would return you back to app1
> - Logging out of CAS will automatically log you out of everything else,
>   provided those apps can interpret the SLO message via some sort of CAS client.
>
> Note that you can't guarantee that you'd always go back to app1. It depends
> on where the flow starts and who starts it.
>
> From: Gianluca Diodato [mailto:gianluca...@gmail.com]
> Sent: Wednesday, May 20, 2015 6:08 AM
> To: cas-...@lists.jasig.org
> Cc: cas-...@lists.jasig.org; mmoa...@unicon.net
> Subject: Re: [cas-user] Empty Attribute Map
>
> Hi Misagh,
> I solved my problems with attributes and the SAML protocol.
> Now, I need to understand how to implement a correct logout and SLO for my app
> clients in Java.
> My configuration is this one:
>
> 1. CAS Server into VM
> 2. Java Cas Client webapp1 into other VM;
> 3. Java Cas Client webapp2 into other VM;
> 4. ...
> 5. Java Cas Client webappN into other VM.
>
> I launch webapp1 and I am redirected to the CAS server login; authentication
> and attributes are sent back to webapp1 correctly.
> If I access webapp2..N I am logged in correctly with the same user.
> Now, if the user clicks logout in one of webapp1...N, I want to redirect to the
> login page of webapp1...N, and that user can't access SSO without logging in.
>
> How to do this?
>
> Thanks
> Gianluca
>
> On Friday, May 15, 2015 at 16:32:32 UTC+2, Misagh Moayyed wrote:
>
> Here is an example on how to configure the SAML authn and validation filters
> in your app:
>
> https://github.com/UniconLabs/cas-sample-java-webapp/blob/master/src/main/webapp/WEB-INF/web.xml
>
> From: Misagh Moayyed [mailto:mmoa...@unicon.net]
> Sent: Friday, May 15, 2015 7:29 AM
> To: cas-...@lists.jasig.org
> Subject: Re: [cas-user] Empty Attribute Map
>
> If your app is protected by the Java CAS client, you have a number of options:
>
> 1. Use SAML validation and authentication filters, or
> 2. Modify the CAS server's validation jsp to return attributes, or
> 3. Use the validator in CAS client 3.4.0 (for which you will need to download
>    the client code, build the jar and include it in the app for now) that
>    allows you to point to /p3/serviceValidate
>
> #1 would probably be the easiest to configure for now.
>
> From: "Gianluca Diodato" <gianluca...@gmail.com>
> To: cas-...@lists.jasig.org
> Cc: cas-...@lists.jasig.org, mmoa...@unicon.net
> Sent: Friday, May 15, 2015 5:57:08 AM
> Subject: Re: [cas-user] Empty Attribute Map
>
> OK, I understand now; in effect, in ticketExpirationPolicies.xml I can read
> the one-time use of the ticket.
>
> So, what is the right choice in order to retrieve my own attributes for
> my service after login from my client Java webapp?
>
> thanks
>
> Gianluca
>
> On Friday, May 15, 2015 at 14:47:07 UTC+2, Misagh Moayyed wrote:
>
> Because you are validating the same ticket id twice.
>
> Your java webapp receives ST-4 and validates it. When a ST is validated, it
> is expired and thus removed. Then, you attempt to execute the same operation
> in your browser, which causes validation to fail. STs can only be used
> once, unless you change the expiration policy for STs.
>
> From: Gianluca Diodato [mailto:gianluca...@gmail.com]
> Sent: Friday, May 15, 2015 5:44 AM
> To: cas-...@lists.jasig.org
> Cc: mmoa...@unicon.net; cas-...@lists.jasig.org
> Subject: Re: [cas-user] Empty Attribute Map
>
> Hi Misagh,
>
> why did you say I have 2 requests to validate the same ticket??
>
> I don't understand...
>
> In the log that I posted there are a SERVICE_TICKET_VALIDATED (after login
> from my java webapp client side) and a SERVICE_TICKET_VALIDATE_FAILED (from
> my browser client side when I tried to access this url
> https://cas_server/cas/p3/serviceValidate?ticket=ST-4-yaGp66SconKtxo1v5ZCt-cassso.smartcampus.org&service=http://localhost:8080/Campus/mainpage.jsp).
>
> What's wrong?
>
> Gianluca
>
> On Friday, May 15, 2015 at 14:03:41 UTC+2, Misagh Moayyed wrote:
>
> Your CAS client is attempting to reuse a service ticket, or it's submitting
> the same request twice. It validates ST-4 and about a minute later it
> attempts to validate it again. That won't work.
>
> Monitor traffic and see why you have two requests to validate the same ticket.
>
> From: Gianluca Diodato [mailto:gianluca...@gmail.com]
> Sent: Friday, May 15, 2015 4:44 AM
> To: cas-...@lists.jasig.org
> Cc: mmoa...@unicon.net; cas-...@lists.jasig.org
> Subject: Re: [cas-user] Empty Attribute Map
>
> Hi Misagh,
> This is my last test with the deployerConfigContext.xml file.
> Anyway, I can't access any serviceValidate page (Cas2, Cas3, Saml).
> When I try to access it I always get this answer:
>
> 2015-05-15 13:18:23,465 INFO [org.jasig.cas.services.DefaultServicesManagerImpl] - <Reloading registered services.>
> 2015-05-15 13:18:23,465 DEBUG [org.jasig.cas.services.DefaultServicesManagerImpl] - <Adding registered service http://localhost:8080/Campus/mainpage.jsp>
> 2015-05-15 13:18:23,465 DEBUG [org.jasig.cas.services.DefaultServicesManagerImpl] - <Adding registered service http://localhost:8080/SmartMobility/.*>
> 2015-05-15 13:18:23,466 INFO [org.jasig.cas.services.DefaultServicesManagerImpl] - <Loaded 2 services.>
> 2015-05-15 13:19:31,657 DEBUG [org.jasig.cas.web.support.CasArgumentExtractor] - <Extractor generated service for: http://localhost:8080/Campus/mainpage.jsp>
> 2015-05-15 13:19:31,658 DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Attempting to retrieve ticket [ST-4-yaGp66SconKtxo1v5ZCt-cassso.smartcampus.org]>
> 2015-05-15 13:19:31,658 DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Ticket [ST-4-yaGp66SconKtxo1v5ZCt-cassso.smartcampus.org] found in registry.>
> 2015-05-15 13:19:31,658 DEBUG [org.jasig.cas.services.support.RegisteredServiceDefaultAttributeFilter] - <Found attribute [first_name] in the list of allowed attributes for service [Test CAS]>
> 2015-05-15 13:19:31,658 DEBUG [org.jasig.cas.CentralAuthenticationServiceImpl] - <Principal id to return for service [Test CAS] is [gianluca...@iit.cnr.it]. The default principal id is [gianluca...@iit.cnr.it].>
> 2015-05-15 13:19:31,658 DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Removing ticket [ST-4-yaGp66SconKtxo1v5ZCt-cassso.smartcampus.org] from registry>
> 2015-05-15 13:19:31,658 DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Attempting to retrieve ticket [ST-4-yaGp66SconKtxo1v5ZCt-cassso.smartcampus.org]>
> 2015-05-15 13:19:31,658 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
> =============================================================
> WHO: audit:unknown
> WHAT: ST-4-yaGp66SconKtxo1v5ZCt-cassso.smartcampus.org
> ACTION: SERVICE_TICKET_VALIDATED
> APPLICATION: CAS
> WHEN: Fri May 15 13:19:31 CEST 2015
> CLIENT IP ADDRESS: 146.48.89.203
> SERVER IP ADDRESS: 146.48.89.135
> =============================================================
>
> 2015-05-15 13:19:31,659 DEBUG [org.jasig.cas.web.ServiceValidateController] - <Successfully validated service ticket ST-4-yaGp66SconKtxo1v5ZCt-cassso.smartcampus.org for service [http://localhost:8080/Campus/mainpage.jsp]>
> 2015-05-15 13:20:23,466 INFO [org.jasig.cas.services.DefaultServicesManagerImpl] - <Reloading registered services.>
> 2015-05-15 13:20:23,466 DEBUG [org.jasig.cas.services.DefaultServicesManagerImpl] - <Adding registered service http://localhost:8080/Campus/mainpage.jsp>
> 2015-05-15 13:20:23,466 DEBUG [org.jasig.cas.services.DefaultServicesManagerImpl] - <Adding registered service http://localhost:8080/SmartMobility/.*>
> 2015-05-15 13:20:23,466 INFO [org.jasig.cas.services.DefaultServicesManagerImpl] - <Loaded 2 services.>
> 2015-05-15 13:22:23,465 INFO [org.jasig.cas.services.DefaultServicesManagerImpl] - <Reloading registered services.>
> 2015-05-15 13:22:23,466 DEBUG [org.jasig.cas.services.DefaultServicesManagerImpl] - <Adding registered service http://localhost:8080/Campus/mainpage.jsp>
> 2015-05-15 13:22:23,466 DEBUG [org.jasig.cas.services.DefaultServicesManagerImpl] - <Adding registered service http://localhost:8080/SmartMobility/.*>
> 2015-05-15 13:22:23,466 INFO [org.jasig.cas.services.DefaultServicesManagerImpl] - <Loaded 2 services.>
> 2015-05-15 13:24:23,466 INFO [org.jasig.cas.services.DefaultServicesManagerImpl] - <Reloading registered services.>
> 2015-05-15 13:24:23,466 DEBUG [org.jasig.cas.services.DefaultServicesManagerImpl] - <Adding registered service http://localhost:8080/Campus/mainpage.jsp>
> 2015-05-15 13:24:23,466 DEBUG [org.jasig.cas.services.DefaultServicesManagerImpl] - <Adding registered service http://localhost:8080/SmartMobility/.*>
> 2015-05-15 13:24:23,466 INFO [org.jasig.cas.services.DefaultServicesManagerImpl] - <Loaded 2 services.>
> 2015-05-15 13:25:08,452 DEBUG [org.jasig.cas.web.support.CasArgumentExtractor] - <Extractor generated service for: http://localhost:8080/Campus/mainpage.jsp>
> 2015-05-15 13:25:08,452 DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Attempting to retrieve ticket [ST-4-yaGp66SconKtxo1v5ZCt-cassso.smartcampus.org]>
> 2015-05-15 13:25:08,453 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - <ServiceTicket [ST-4-yaGp66SconKtxo1v5ZCt-cassso.smartcampus.org] does not exist.>
> 2015-05-15 13:25:08,453 DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Attempting to retrieve ticket [ST-4-yaGp66SconKtxo1v5ZCt-cassso.smartcampus.org]>
> 2015-05-15 13:25:08,453 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
> =============================================================
> WHO: audit:unknown
> WHAT: ST-4-yaGp66SconKtxo1v5ZCt-cassso.smartcampus.org
> ACTION: SERVICE_TICKET_VALIDATE_FAILED
> APPLICATION: CAS
> WHEN: Fri May 15 13:25:08 CEST 2015
> CLIENT IP ADDRESS: 146.48.89.203
> SERVER IP ADDRESS: 146.48.89.135
> =============================================================
>
> 2015-05-15 13:25:08,453 DEBUG [org.jasig.cas.web.view.CasReloadableMessageBundle] - <No properties file found for [classpath:custom_messages_en] - neither plain properties nor XML>
> 2015-05-15 13:25:08,454 DEBUG [org.jasig.cas.web.view.CasReloadableMessageBundle] - <No properties file found for [classpath:custom_messages] - neither plain properties nor XML>
> 2015-05-15 13:25:08,454 DEBUG [org.jasig.cas.web.view.CasReloadableMessageBundle] - <No properties file found for [classpath:messages_en] - neither plain properties nor XML>
> 2015-05-15 13:25:08,454 DEBUG [org.jasig.cas.web.view.CasReloadableMessageBundle] - <Re-caching properties for filename [classpath:messages] - file hasn't been modified>
>
> I modified expiredtimeout of the ticket from 10 seconds to 600 seconds in
> ticketExpirationPolicies.xml, but it doesn't work.
>
> Best
> Gianluca
>
> On Friday, May 15, 2015 at 11:12:56 UTC+2, Misagh Moayyed wrote:
>
> Are you allowing attributes for release? Is your client talking to
> /p3/serviceValidate?
>
> From: Gianluca Diodato [mailto:gianluca...@gmail.com]
> Sent: Friday, May 15, 2015 1:41 AM
> To: cas-...@lists.jasig.org
> Subject: Re:[cas-user] Empty Attribute Map
>
> Same problem with Java Cas Client but no answers yet from the community..
>
> I'm almost depressed.
>
> Gianluca
>
> On Thursday, May 14, 2015 at 12:33:26 UTC+2, Luís Lobo wrote:
>
> Hi!
>
> I am using CAS Server version 4.0.1 and I am having trouble with the
> attributes. The problem is that in the client side (phpCAS) the attribute map
> is empty.
>
> The relevant parts in my deployerConfigContext.xml are:
>
> <bean id="authenticationManager"
>       class="org.jasig.cas.authentication.PolicyBasedAuthenticationManager">
>   <constructor-arg>
>     <map>
>       <entry key-ref="userAuthHandler" value-ref="principalResolver" />
>     </map>
>   </constructor-arg>
>
>   <property name="authenticationPolicy">
>     <bean class="org.jasig.cas.authentication.AnyAuthenticationPolicy" />
>   </property>
> </bean>
>
> The principal resolver is declared as:
>
> <bean id="personAttributeDao"
>       class="org.jasig.services.persondir.support.jdbc.SingleRowJdbcPersonAttributeDao">
>   <constructor-arg index="0" ref="dataSource" />
>   <constructor-arg index="1" value="${auth.resolverSql}" />
>   <property name="queryAttributeMapping">
>     <map>
>       <entry key="username" value="username" />
>     </map>
>   </property>
>   <property name="resultAttributeMapping">
>
> ...

--
You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com
To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
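The single-use behaviour of service tickets discussed in the quoted exchange (ST-4 validated once, then rejected on the second attempt) can be checked directly from the audit trail. The following is an added example, not part of the original thread or of the CAS project: it parses Inspektr audit records in the layout quoted above and lists every service ticket that was presented for validation again after it had already been validated. The function names, sample records, ticket ids and addresses are constructed for illustration, and all records are assumed to share one timezone.

```python
import re
from collections import defaultdict
from datetime import datetime

RECORD = re.compile(r"Audit trail record BEGIN\n=+\n(.*?)\n=+", re.S)

def parse_audit(text):
    """Yield one dict per Inspektr audit record (keys: WHAT, ACTION, WHEN, ...)."""
    for body in RECORD.findall(text):
        rec = dict(line.split(": ", 1) for line in body.splitlines() if ": " in line)
        # Drop the zone token ("CEST"); assumes all records share one timezone.
        stamp = re.sub(r" [A-Z]{2,5} (\d{4})$", r" \1", rec["WHEN"])
        rec["time"] = datetime.strptime(stamp, "%a %b %d %H:%M:%S %Y")
        yield rec

def reused_tickets(text):
    """Return {ticket: [(seconds_after_first_validation, action, client_ip), ...]}
    for every service ticket presented again after it was validated once."""
    first_ok, later = {}, defaultdict(list)
    for rec in sorted(parse_audit(text), key=lambda r: r["time"]):
        ticket, action = rec["WHAT"], rec["ACTION"]
        if not action.startswith("SERVICE_TICKET_VALIDATE"):
            continue
        if ticket in first_ok:
            gap = int((rec["time"] - first_ok[ticket]).total_seconds())
            later[ticket].append((gap, action, rec["CLIENT IP ADDRESS"]))
        elif action == "SERVICE_TICKET_VALIDATED":
            first_ok[ticket] = rec["time"]
    return dict(later)

def make_record(ticket, action, when, client_ip):
    # Builds a constructed record in the layout shown in the quoted log.
    bar = "=" * 61
    return (f"<Audit trail record BEGIN\n{bar}\nWHO: audit:unknown\nWHAT: {ticket}\n"
            f"ACTION: {action}\nAPPLICATION: CAS\nWHEN: {when}\n"
            f"CLIENT IP ADDRESS: {client_ip}\nSERVER IP ADDRESS: 192.0.2.1\n{bar}\n\n>\n")

# Constructed sample: placeholder ticket ids and documentation-range addresses.
SAMPLE = "".join([
    make_record("ST-1-EXAMPLE-cas.example.org", "SERVICE_TICKET_VALIDATED", "Fri May 15 13:19:31 CEST 2015", "192.0.2.10"),
    make_record("ST-2-EXAMPLE-cas.example.org", "SERVICE_TICKET_VALIDATED", "Fri May 15 13:21:00 CEST 2015", "192.0.2.10"),
    make_record("ST-1-EXAMPLE-cas.example.org", "SERVICE_TICKET_VALIDATE_FAILED", "Fri May 15 13:25:08 CEST 2015", "192.0.2.20"),
])

if __name__ == "__main__":
    for ticket, attempts in reused_tickets(SAMPLE).items():
        for gap, action, ip in attempts:
            print(f"{ticket}: {action} {gap}s after first validation, from {ip}")
```

A repeat from the same client address usually points to a client that submits the validation request twice; a repeat from a different address is worth a closer look, since the ticket left the path it was issued for.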