Hi,

Regarding logout, I can't remember exactly if I did the test or someone else, but I think it works. Did you try some debugging in the SingleSignOutFilter?

To get user's attributes, things are a little more complex:

- you need to retrieve the user's attributes inside the CAS server (should be what you did)
- define that you want to push these attributes for the CAS service representing the Shiro application (*allowedAttributes* or *ignore* parameter for this CAS service)
- use the SAML validation

And then, the user's attributes will be available as the second principal: https://github.com/apache/shiro/blob/1.2.x/support/cas/src/main/java/org/apache/shiro/cas/CasRealm.java#L162 .

Best regards,
Jérôme

2014/1/15 Eduardo J. Ortega U [via Shiro User] <[email protected]>

> Hi, all:
>
> We are setting up our first Shiro enabled application with CAS authentication. Authentication seems to work fine, however, we have two issues:
>
> - We want to have Single Sign out, so that when a user signs out of CAS, he/she is signed out of CAS and therefore all apps. Currently, if I logout of the application (using Shiro's logout feature), and then try to access one of the protected pages, browser gets redirected to CAS, which in turn validates and redirects to http://myhost/myapp/shiro-cas and then /shiro-cas redirects it to the requested URL of the application, so effectively the user is logged back in the application. Also, if the user logs out of CAS (visiting http://myhost/CAS/logout) its CAS session ends but the application session remains, so he / she can still access the protected areas. I set up the following on myapp web.xml:
>
> <filter>
>     <filter-name>CAS Single Sign Out Filter</filter-name>
>     <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
> </filter>
>
> <filter-mapping>
>     <filter-name>CAS Single Sign Out Filter</filter-name>
>     <url-pattern>/*</url-pattern>
> </filter-mapping>
>
> <listener>
>     <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
> </listener>
>
> But it is not working. What am I missing?
>
> - We want to access some of the user attributes from inside our application. I set up CAS properties to map the attributes, setting this on CAS deployerConfigContext.xml
>
> <bean id="attributeRepository"
>       class="org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao">
>     <property name="contextSource" ref="contextSource" />
>     <property name="baseDN" value="ou=People,dc=example,dc=com,dc=co" />
>     <property name="requireAllQueryAttributes" value="true" />
>     <property name="queryAttributeMapping">
>         <map>
>             <entry key="username" value="uid" />
>         </map>
>     </property>
>     <property name="resultAttributeMapping">
>         <map>
>             <!-- Mapping between LDAP entry attributes (key) and Principal's (value) -->
>             <entry value="Name" key="displayName" />
>             <entry key="distinguishedName" value="dn" />
>         </map>
>     </property>
> </bean>
>
> And then access them from inside the Shiro application like this:
>
> AttributePrincipal principal = (AttributePrincipal)request.getUserPrincipal();
> Map attributes = principal.getAttributes();
>
> But we get an error saying we cannot cast Request to AttributePrincipal. I guess I am missing something here, too.
>
> Any help is greatly appreciated.
>
> --
> Eduardo J. Ortega
> Tel: 57+1+2553580
> Cel: 57+317+4415156
> Zürich
> CL 72 5 83 Piso 11, Bogotá, CO.

--
View this message in context: http://shiro-user.582556.n2.nabble.com/CAS-Single-Sign-Out-and-LDAP-attribute-retrieval-tp7579510p7579514.html
Sent from the Shiro User mailing list archive at Nabble.com.
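
Reading the attributes on the Shiro side, where the reply says they arrive as the second principal. This is an added example, not part of the original thread or Shiro's own code. It assumes Shiro 1.2.x on the classpath; the class name `CasAttributeReader`, the user id `euser` and the sample attribute value are constructed for illustration.

```java
import java.util.Arrays;
import java.util.Collections;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.SimplePrincipalCollection;

public class CasAttributeReader {

    /** Returns the CAS attribute map stored after the user id, or an empty map. */
    @SuppressWarnings("unchecked")
    static Map<String, Object> attributesOf(PrincipalCollection principals) {
        if (principals == null) {
            return Collections.emptyMap();   // anonymous or logged-out subject
        }
        List<?> all = principals.asList();
        // Treat a missing or non-map second principal as "no attributes"
        // instead of failing with a ClassCastException.
        if (all.size() < 2 || !(all.get(1) instanceof Map)) {
            return Collections.emptyMap();
        }
        // Read-only view: callers must not alter identity data in the session.
        return Collections.unmodifiableMap((Map<String, Object>) all.get(1));
    }

    public static void main(String[] args) {
        // Constructed sample in the shape the reply describes:
        // first principal = user id, second principal = attribute map.
        Map<String, Object> released = new LinkedHashMap<>();
        released.put("Name", "Constructed User"); // "Name" as in resultAttributeMapping
        PrincipalCollection sample = new SimplePrincipalCollection(
                Arrays.asList("euser", released), "casRealm");

        // In the web application, pass SecurityUtils.getSubject().getPrincipals().
        System.out.println(sample.getPrimaryPrincipal());
        System.out.println(attributesOf(sample).get("Name"));
        System.out.println(attributesOf(null).isEmpty());
    }
}
```

The map is only populated when the CAS service is allowed to release the attributes and the realm validates tickets with SAML, as listed in the reply.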
