tomcat - when I build application to war SLO (single logout) stops working -


i trying implement cas in spring based application. have configured cas , connection cas application , working when run application jar. when try build application war package slo (single logout) stops working. when click log out logged out application , cas i'm still logged in other application.

enviroment:

  • both war , cas deployed on local running tomcat 7, recommended in documentation change localhost computer name.
  • i'm using cas-server-webapp-3.5.2.1 , spring-boot-1.1.8.release
  • i disabled https communication run on http

this first attempt integrate cas have doubts: can problem:

2015-04-01 11:21:37,807 warn [org.jasig.cas.util.httpclient] - <error sending me ssage url endpoint [http://mycomputername:8080/app1/j_spring_cas_securi ty_check].  error [server returned http response code: 403 url: http://my computername:8080/app1/j_spring_cas_security_check]> 

also when go tomcat web application manager (mycomputername:8080/manager) , expire sessions second application log out it, or rather cannot access anymore , i'm redirected login in cas.

@edit: spring security: http://pastebin.com/k0bmvrln

properties app1 war deployment

app.service.security=http://mycomputername:8080/app1/j_spring_cas_security_check app.service.home=http://mycomputername:8080/app1/ cas.service.login=http://mycomputername:8080/cas/login cas.service.logout=http://mycomputername:8080/cas/logout cas.url.prefix=http://mycomputername:8080/cas/ app.admin.username=admin@cas.com 

logout steps using spring security , cas :

  1. the user requests /j_spring_security_logout (which set in href of logout button) log user out of local application , send user logout success url.
  2. the logout success url,that should set /j_spring_cas_security_logout, in order logout out of applications.
  3. then user redirected cas single logout url (https://localhost:7443/cas/logout).
  4. on cas server side, cas single logout url submits single logout requests cas services. on cas service side, jasig's singlesignoutfilter processes logout request invaliditing original session.
  5. at end castgt , jsession(for spring) destroyed , in app2 after request page should redirect cas login page

Comments

Popular posts from this blog

Payment information shows nothing in one page checkout page magento -

tcpdump - How to check if server received packet (acknowledged) -