Results 1 to 2 of 2

Thread: CAS SSO Logout using spring security

  1. Dec 5th, 2012, 10:40 PM #1
    mckenzie
    mckenzie is offline Junior Member
    Join Date
    Dec 2012
    Posts
    15

    Default CAS SSO Logout using spring security

    Hi ,

    i am a newbie to Spring Security and CAS. I am implementing SSO using CAS integrated with spring security. I need help in implementing CAS logout which which invalidate the session,ST generated both in the application and CAS and redirects to the CAS login page.

    These are my config i have done referring to various websites but still struggling

    Changes in CAS -
    In cas-servlet.xml:

    <bean id="logoutController" class="org.jasig.cas.web.LogoutController"
    <!-- other reqd props ->
    p:followServiceRedirects="true"/>

    I want to know what must be the URL i need to configure in the logoutFilter . As of now i have configured the CAS logout URL. But the issue is the page is just redirected to the url configured , but neither the CAS nor the application is logged out. Below is the bean config

    <bean id="logoutFilter" class="org.springframework.security.web.authentica tion.logout.LogoutFilter">
    <!-- URL redirected to after logout success -->
    <constructor-arg value="https://CAS-server URL:8443/cas-server-webapp-3.5.1/j_spring_security_logout"/>
    <constructor-arg>
    <list>
    <bean class="org.springframework.security.web.authentica tion.logout.SecurityContextLogoutHandler"/>
    <bean class="com.infosys.iengage.sso.logout.CustomLogout Handler"/>
    </list>
    </constructor-arg>
    </bean>

    I have implemented a CustomLogoutHandler which redirects the user to the https://CAS-server URL:8443/cas-server-webapp-3.5.1/j_spring_security_logout.


    Can you please help me understanding and resolving this?

    Thanks,
    Mckenzie
    Reply With Quote Reply With Quote
  2. Dec 7th, 2012, 03:58 PM #2
    arthomps
    arthomps is offline Senior Member
    Join Date
    Dec 2008
    Location
    New York City
    Posts
    135

    Default

    Quote Originally Posted by mckenzie View Post
    Hi ,

    i am a newbie to Spring Security and CAS. I am implementing SSO using CAS integrated with spring security. I need help in implementing CAS logout which which invalidate the session,ST generated both in the application and CAS and redirects to the CAS login page.

    These are my config i have done referring to various websites but still struggling

    Changes in CAS -
    In cas-servlet.xml:

    <bean id="logoutController" class="org.jasig.cas.web.LogoutController"
    <!-- other reqd props ->
    p:followServiceRedirects="true"/>

    I want to know what must be the URL i need to configure in the logoutFilter . As of now i have configured the CAS logout URL. But the issue is the page is just redirected to the url configured , but neither the CAS nor the application is logged out. Below is the bean config

    <bean id="logoutFilter" class="org.springframework.security.web.authentica tion.logout.LogoutFilter">
    <!-- URL redirected to after logout success -->
    <constructor-arg value="https://CAS-server URL:8443/cas-server-webapp-3.5.1/j_spring_security_logout"/>
    <constructor-arg>
    <list>
    <bean class="org.springframework.security.web.authentica tion.logout.SecurityContextLogoutHandler"/>
    <bean class="com.infosys.iengage.sso.logout.CustomLogout Handler"/>
    </list>
    </constructor-arg>
    </bean>

    I have implemented a CustomLogoutHandler which redirects the user to the https://CAS-server URL:8443/cas-server-webapp-3.5.1/j_spring_security_logout.


    Can you please help me understanding and resolving this?

    Thanks,
    Mckenzie
    https://jira.springsource.org/browse/SEC-748
    Andrew Thompson - Linked In
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules