Announcement Announcement Module
Collapse
No announcement yet.
CAS SSO Logout using spring security Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • CAS SSO Logout using spring security

    Hi ,

    i am a newbie to Spring Security and CAS. I am implementing SSO using CAS integrated with spring security. I need help in implementing CAS logout which which invalidate the session,ST generated both in the application and CAS and redirects to the CAS login page.

    These are my config i have done referring to various websites but still struggling

    Changes in CAS -
    In cas-servlet.xml:

    <bean id="logoutController" class="org.jasig.cas.web.LogoutController"
    <!-- other reqd props ->
    p:followServiceRedirects="true"/>

    I want to know what must be the URL i need to configure in the logoutFilter . As of now i have configured the CAS logout URL. But the issue is the page is just redirected to the url configured , but neither the CAS nor the application is logged out. Below is the bean config

    <bean id="logoutFilter" class="org.springframework.security.web.authentica tion.logout.LogoutFilter">
    <!-- URL redirected to after logout success -->
    <constructor-arg value="https://CAS-server URL:8443/cas-server-webapp-3.5.1/j_spring_security_logout"/>
    <constructor-arg>
    <list>
    <bean class="org.springframework.security.web.authentica tion.logout.SecurityContextLogoutHandler"/>
    <bean class="com.infosys.iengage.sso.logout.CustomLogout Handler"/>
    </list>
    </constructor-arg>
    </bean>

    I have implemented a CustomLogoutHandler which redirects the user to the https://CAS-server URL:8443/cas-server-webapp-3.5.1/j_spring_security_logout.


    Can you please help me understanding and resolving this?

    Thanks,
    Mckenzie

  • #2
    Originally posted by mckenzie View Post
    Hi ,

    i am a newbie to Spring Security and CAS. I am implementing SSO using CAS integrated with spring security. I need help in implementing CAS logout which which invalidate the session,ST generated both in the application and CAS and redirects to the CAS login page.

    These are my config i have done referring to various websites but still struggling

    Changes in CAS -
    In cas-servlet.xml:

    <bean id="logoutController" class="org.jasig.cas.web.LogoutController"
    <!-- other reqd props ->
    p:followServiceRedirects="true"/>

    I want to know what must be the URL i need to configure in the logoutFilter . As of now i have configured the CAS logout URL. But the issue is the page is just redirected to the url configured , but neither the CAS nor the application is logged out. Below is the bean config

    <bean id="logoutFilter" class="org.springframework.security.web.authentica tion.logout.LogoutFilter">
    <!-- URL redirected to after logout success -->
    <constructor-arg value="https://CAS-server URL:8443/cas-server-webapp-3.5.1/j_spring_security_logout"/>
    <constructor-arg>
    <list>
    <bean class="org.springframework.security.web.authentica tion.logout.SecurityContextLogoutHandler"/>
    <bean class="com.infosys.iengage.sso.logout.CustomLogout Handler"/>
    </list>
    </constructor-arg>
    </bean>

    I have implemented a CustomLogoutHandler which redirects the user to the https://CAS-server URL:8443/cas-server-webapp-3.5.1/j_spring_security_logout.


    Can you please help me understanding and resolving this?

    Thanks,
    Mckenzie
    https://jira.springsource.org/browse/SEC-748

    Comment

    Working...
    X