tomcat - when I build application to war SLO (single logout) stops working -
i trying implement cas in spring based application. have configured cas , connection cas application , working when run application jar. when try build application war package slo (single logout) stops working. when click log out logged out application , cas i'm still logged in other application.
enviroment:
- both war , cas deployed on local running tomcat 7, recommended in documentation change localhost computer name.
- i'm using cas-server-webapp-3.5.2.1 , spring-boot-1.1.8.release
- i disabled https communication run on http
this first attempt integrate cas have doubts: can problem:
2015-04-01 11:21:37,807 warn [org.jasig.cas.util.httpclient] - <error sending me ssage url endpoint [http://mycomputername:8080/app1/j_spring_cas_securi ty_check]. error [server returned http response code: 403 url: http://my computername:8080/app1/j_spring_cas_security_check]>
i've got same message when running jars , there i'm log out both applications
full log: http://pastebin.com/shhgenmn
log without info in application initialization: http://pastebin.com/dbw8fm1m
also when go tomcat web application manager (mycomputername:8080/manager) , expire sessions second application log out it, or rather cannot access anymore , i'm redirected login in cas.
@edit: spring security: http://pastebin.com/k0bmvrln
properties app1 war deployment
app.service.security=http://mycomputername:8080/app1/j_spring_cas_security_check app.service.home=http://mycomputername:8080/app1/ cas.service.login=http://mycomputername:8080/cas/login cas.service.logout=http://mycomputername:8080/cas/logout cas.url.prefix=http://mycomputername:8080/cas/ app.admin.username=admin@cas.com
logout steps using spring security
, cas
:
- the user requests /j_spring_security_logout (which set in
href
of logout button) log user out of local application , send user logout success url. - the logout success url,that should set
/j_spring_cas_security_logout
, in order logout out of applications. - then user redirected cas single logout url (
https://localhost:7443/cas/logout
). - on cas server side, cas single logout url submits single logout requests cas services. on cas service side, jasig's
singlesignoutfilter
processes logout request invaliditing original session. - at end
castgt
,jsession
(for spring) destroyed , in app2 after request page should redirect cas login page
Comments
Post a Comment