2016-08-11

CAS Single SignOut not working

I made the following changes to enable Single SignOut:

1. Add org.jasig.cas.client.session.SingleSignOutFilter as the first filter in filter chain. 
2. Include org.jasig.cas.client.session.SingleSignOutHttpSessionListener in web.xml 

But the client sessions are not invalidated. Do you know why?

This is my server log, which indicates that the server is sending logout requests to both clients:

181 DEBUG [org.jasig.cas.util.TGCCipherExecutor] - <Successfully decoded value. Result in Base64-encoding is [ZXlKaGJHY2lPaUprYVhJaUxDSmxibU1pT2lKQk1USTRRMEpETFVoVE1qVTJJbjAuLjkzeTVhNFJkc2N0WTlPdXhWOVlMWHcuaVZVSUlfdWpwMlo2UmJXZnFQR05BUXd2cW1lS3RuRlljbGNfZlFGclZSWGN1Y05qVXp2UC1LTW5OT3JfYUNTbzc1SWc5TDg4YS1lTlBsSlQ2MnUzUi1ILVplLW1iQTFFQ0I4RDY1am51WHR6R3h3RzA2b0tXS3FyQmxhNFh3amtkNEpqQzhneEFONlJ1Sk1aZEY3ZGg1cGVnSGo5ZklIdVVETjM5TC1WVk5VeTgzTXpORFlqYzJJMjZUMTJ5dGIwVTlpbXFTQ056dTVybFZDaW9XNnBqWC14VU1mQ01RSTd4MTVCOEhrWmxFZ2xUX2gzTnpnSjgtX3ZtczUweFBFZmJ2UjF1eHNCX0FTRWdMd2gwSTFCZlEub2JzcGFOVk1CcWNxWk1CZWtCeGJIQQ==]> 
181 DEBUG [org.jasig.cas.util.TGCCipherExecutor] - <Decrypting value...> 
182 DEBUG [org.jasig.cas.web.support.DefaultCasCookieValueManager] - <Decoded cookie value is [TGT-**********************************************[email protected]:0:0:0:0:0:0:[email protected]/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36]> 
183 DEBUG [org.jasig.cas.CentralAuthenticationServiceImpl] - <Removing ticket [TGT-**********************************************xO0zbG1hVN-cas01.example.org] from registry...> 
183 DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Attempting to retrieve ticket [TGT-**********************************************xO0zbG1hVN-cas01.example.org]> 
183 DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Ticket [TGT-**********************************************xO0zbG1hVN-cas01.example.org] found in registry.> 
184 DEBUG [org.jasig.cas.CentralAuthenticationServiceImpl] - <Ticket found. Processing logout requests and then deleting the ticket...> 
185 DEBUG [org.jasig.cas.logout.SamlCompliantLogoutMessageCreator] - <Generated logout message: [<samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="LR-5-XbgucCuIidiGsh1TjFeEcwsWKSUqIWk7oCw" Version="2.0" IssueInstant="2016-08-11T13:00:17Z"><saml:NameID xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">@[email protected]</saml:NameID><samlp:SessionIndex>ST-6-JkoiXK3anY5RQKZwgJYB-cas01.example.org</samlp:SessionIndex></samlp:LogoutRequest>]> 
185 DEBUG [org.jasig.cas.logout.LogoutManagerImpl] - <Sending logout request for: [https://localhost:8443/test/newviews/home.xhtml]> 
187 DEBUG [org.jasig.cas.logout.LogoutManagerImpl] - <Prepared logout message to send is [[email protected]0[url=https://localhost:8443/test/newviews/home.xhtml,message=<samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="LR-5-XbgucCuIidiGsh1TjFeEcwsWKSUqIWk7oCw" Version="2.0" IssueInstant="2016-08-11T13:00:17Z"><saml:NameID xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">@[email protected]</saml:NameID><samlp:SessionIndex>ST-6-JkoiXK3anY5RQKZwgJYB-cas01.example.org</samlp:SessionIndex></samlp:LogoutRequest>,asynchronous=true,contentType=application/x-www-form-urlencoded]]> 
188 DEBUG [org.jasig.cas.logout.LogoutManagerImpl] - <Captured logout request [[email protected][ticketId=ST-6-JkoiXK3anY5RQKZwgJYB-cas01.example.org,service=https://localhost:8443/test/newviews/home.xhtml,status=SUCCESS]]> 
189 DEBUG [org.jasig.cas.authentication.FileTrustStoreSslSocketFactory] - <Connecting socket to localhost/127.0.0.1:8443 with timeout 5000> 
191 DEBUG [org.jasig.cas.logout.SamlCompliantLogoutMessageCreator] - <Generated logout message: [<samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="LR-6-DgpO6cQ1ySIrFlAKjmLctLfSdVgkqUoQOI9" Version="2.0" IssueInstant="2016-08-11T13:00:17Z"><saml:NameID xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">@[email protected]</saml:NameID><samlp:SessionIndex>ST-7-RhZCrItuoTVLcaJv2rdC-cas01.example.org</samlp:SessionIndex></samlp:LogoutRequest>]> 
191 DEBUG [org.jasig.cas.authentication.FileTrustStoreSslSocketFactory] - <Enabled protocols: [TLSv1, TLSv1.1, TLSv1.2]> 
191 DEBUG [org.jasig.cas.authentication.FileTrustStoreSslSocketFactory] - <Enabled cipher suites:[TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]> 
191 DEBUG [org.jasig.cas.authentication.FileTrustStoreSslSocketFactory] - <Starting handshake> 
191 DEBUG [org.jasig.cas.logout.LogoutManagerImpl] - <Sending logout request for: [https://localhost:7443/cas-sample/secure/index.jsp]> 
191 DEBUG [org.jasig.cas.logout.LogoutManagerImpl] - <Prepared logout message to send is [[email protected]b[url=https://localhost:7443/cas-sample/secure/index.jsp,message=<samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="LR-6-DgpO6cQ1ySIrFlAKjmLctLfSdVgkqUoQOI9" Version="2.0" IssueInstant="2016-08-11T13:00:17Z"><saml:NameID xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">@[email protected]</saml:NameID><samlp:SessionIndex>ST-7-RhZCrItuoTVLcaJv2rdC-cas01.example.org</samlp:SessionIndex></samlp:LogoutRequest>,asynchronous=true,contentType=application/x-www-form-urlencoded]]> 
193 DEBUG [org.jasig.cas.logout.LogoutManagerImpl] - <Captured logout request [[email protected][ticketId=ST-7-RhZCrItuoTVLcaJv2rdC-cas01.example.org,service=https://localhost:7443/cas-sample/secure/index.jsp,status=SUCCESS]]> 
194 DEBUG [org.jasig.cas.authentication.FileTrustStoreSslSocketFactory] - <Connecting socket to localhost/127.0.0.1:7443 with timeout 5000> 
194 DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Attempting to retrieve ticket [TGT-**********************************************xO0zbG1hVN-cas01.example.org]> 
194 DEBUG [org.jasig.cas.authentication.FileTrustStoreSslSocketFactory] - <Secure session established> 
194 DEBUG [org.jasig.cas.authentication.FileTrustStoreSslSocketFactory] - < negotiated protocol: TLSv1.2> 
194 DEBUG [org.jasig.cas.authentication.FileTrustStoreSslSocketFactory] - < negotiated cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256> 
194 DEBUG [org.jasig.cas.authentication.FileTrustStoreSslSocketFactory] - < peer principal: CN=localhost, OU=IT, O=xxxx, L=xxxx, ST=xxxx, C=xxxx> 
194 DEBUG [org.jasig.cas.authentication.FileTrustStoreSslSocketFactory] - < issuer principal: CN=localhost, OU=IT, O=xxxx, L=xxxx, ST=xxxx, C=xxxx> 
194 DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Ticket [TGT-**********************************************xO0zbG1hVN-cas01.example.org] found in registry.> 
195 DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Removing children of ticket [TGT-**********************************************xO0zbG1hVN-cas01.example.org] from the registry.> 
195 DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Removing ticket [TGT-**********************************************xO0zbG1hVN-cas01.example.org] from the registry.> 
196 DEBUG [org.jasig.cas.CentralAuthenticationServiceImpl] - <Publishing org[email protected]1a5ff277[ticketGrantingTicket=TGT-**********************************************xO0zbG1hVN-cas01.example.org]> 
197 DEBUG [org.jasig.cas.authentication.FileTrustStoreSslSocketFactory] - <Enabled protocols: [TLSv1, TLSv1.1, TLSv1.2]> 
197 DEBUG [org.jasig.cas.audit.spi.AssertionAsReturnValuePrincipalResolver] - <Trying to see if target's return value is instance of [Assertion]...> 
197 DEBUG [org.jasig.cas.authentication.FileTrustStoreSslSocketFactory] - <Enabled cipher suites:[TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]> 
197 DEBUG [org.jasig.cas.authentication.FileTrustStoreSslSocketFactory] - <Starting handshake> 
197 DEBUG [org.jasig.cas.audit.spi.AssertionAsReturnValuePrincipalResolver] - <Resolving principal from the delegate principal resolver: [[email protected]35d8]...> 
198 DEBUG [org.jasig.cas.audit.spi.TicketOrCredentialPrincipalResolver] - <Resolving argument [String] for audit> 
198 DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Attempting to retrieve ticket [TGT-**********************************************xO0zbG1hVN-cas01.example.org]> 
199 DEBUG [org.jasig.cas.CentralAuthenticationServiceImpl] - <Ticket [TGT-**********************************************xO0zbG1hVN-cas01.example.org] by type [Ticket] cannot be found in the ticket registry.> 
202 DEBUG [org.jasig.cas.audit.spi.TicketOrCredentialPrincipalResolver] - <Could not locate ticket [TGT-**********************************************xO0zbG1hVN-cas01.example.org] in the registry> 
202 DEBUG [org.jasig.cas.audit.spi.AssertionAsReturnValuePrincipalResolver] - <Meaningful principal id could not be resolved by [[email protected]6e9c9d27]. Returning [audit:unknown]...> 
203 INFO [org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN 
INFO | jvm 1 | 2016/08/11 13:00:17 | ============================================================= 
INFO | jvm 1 | 2016/08/11 13:00:17 | WHO: audit:unknown 
INFO | jvm 1 | 2016/08/11 13:00:17 | WHAT: TGT-**********************************************xO0zbG1hVN-cas01.example.org 
INFO | jvm 1 | 2016/08/11 13:00:17 | ACTION: TICKET_GRANTING_TICKET_DESTROYED 
INFO | jvm 1 | 2016/08/11 13:00:17 | APPLICATION: CAS 
INFO | jvm 1 | 2016/08/11 13:00:17 | WHEN: Thu Aug 11 13:00:17 EDT 2016 
INFO | jvm 1 | 2016/08/11 13:00:17 | CLIENT IP ADDRESS: 0:0:0:0:0:0:0:1 
INFO | jvm 1 | 2016/08/11 13:00:17 | SERVER IP ADDRESS: 0:0:0:0:0:0:0:1 
INFO | jvm 1 | 2016/08/11 13:00:17 | ============================================================= 
INFO | jvm 1 | 2016/08/11 13:00:17 | 
INFO | jvm 1 | 2016/08/11 13:00:17 | > 
203 DEBUG [org.jasig.cas.web.support.TGCCookieRetrievingCookieGenerator] - <Removed cookie with name [TGC]> 
203 DEBUG [org.jasig.cas.web.WarningCookieRetrievingCookieGenerator] - <Removed cookie with name [CASPRIVACY]> 
206 DEBUG [org.jasig.cas.services.web.RegisteredServiceThemeBasedViewResolver] - <View resolved: /WEB-INF/view/jsp/default/ui/casLogoutView.jsp> 
210 DEBUG [org.jasig.cas.authentication.FileTrustStoreSslSocketFactory] - <Secure session established> 
210 DEBUG [org.jasig.cas.authentication.FileTrustStoreSslSocketFactory] - < negotiated protocol: TLSv1.2> 
210 DEBUG [org.jasig.cas.authentication.FileTrustStoreSslSocketFactory] - < negotiated cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256> 
210 DEBUG [org.jasig.cas.authentication.FileTrustStoreSslSocketFactory] - < peer principal: CN=localhost, OU=IT, O=xxxx, L=xxxx, ST=xxxx, C=xxxx> 
210 DEBUG [org.jasig.cas.authentication.FileTrustStoreSslSocketFactory] - < issuer principal: CN=localhost, OU=IT, O=xxxx, L=xxxx, ST=xxxx, C=xxxx> 

During my further analysis, I changed the SLO callbacks to synchronous.

slo.callbacks.asynchronous=false 

Now I get WARN [org.jasig.cas.logout.LogoutManagerImpl] - <Logout message not sent to [https://localhost:8443/test/newviews/home.xhtml]; Continuing processing...>

So this means that the logout messages were not sent to the clients. I also noticed that there are no org.jasig.cas.util.SimpleHttpClient entries in my logs. I think that is the problem. Any suggestions for fixing this?

Answer

Try enabling the logs at the "trace" level. This should give you more detail about what is happening behind the scenes.
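
Added example (not part of the question or the answer, and not CAS project code): a small Python helper that reads LogoutManagerImpl lines like those in the question and reports, per service URL, the SessionIndex that was prepared and whether a "Logout message not sent" warning followed. The sample log is constructed; only the two service URLs and the message wording are taken from the question.

```python
import re

# Constructed sample shaped like the LogoutManagerImpl lines in the question.
# Ticket ids and LR ids are made up; the service URLs come from the question.
SAMPLE_LOG = '''\
187 DEBUG [org.jasig.cas.logout.LogoutManagerImpl] - <Prepared logout message to send is [[url=https://localhost:8443/test/newviews/home.xhtml,message=<samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="LR-1-constructed" Version="2.0"><samlp:SessionIndex>ST-1-constructed-cas01.example.org</samlp:SessionIndex></samlp:LogoutRequest>,asynchronous=false,contentType=application/x-www-form-urlencoded]]>
188 WARN [org.jasig.cas.logout.LogoutManagerImpl] - <Logout message not sent to [https://localhost:8443/test/newviews/home.xhtml]; Continuing processing...>
191 DEBUG [org.jasig.cas.logout.LogoutManagerImpl] - <Prepared logout message to send is [[url=https://localhost:7443/cas-sample/secure/index.jsp,message=<samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="LR-2-constructed" Version="2.0"><samlp:SessionIndex>ST-2-constructed-cas01.example.org</samlp:SessionIndex></samlp:LogoutRequest>,asynchronous=false,contentType=application/x-www-form-urlencoded]]>
'''

PREPARED = re.compile(
    r"Prepared logout message to send is .*?\[url=(?P<url>[^,\]]+),"
    r"message=(?P<msg>.*?),asynchronous=(?P<async>true|false),")
SESSION_INDEX = re.compile(r"<samlp:SessionIndex>([^<]+)</samlp:SessionIndex>")
NOT_SENT = re.compile(r"Logout message not sent to \[(?P<url>[^\]]+)\]")


def audit_slo(log_text):
    """Return {service_url: {"session_index", "asynchronous", "status"}}.

    "prepared" only means CAS built the message; it is not proof of delivery.
    "not_sent" means the WARN quoted in the question was logged for that URL.
    """
    report = {}
    for line in log_text.splitlines():
        m = PREPARED.search(line)
        if m:
            # SessionIndex carries the service ticket id the client has to
            # map back to an HTTP session in order to invalidate it.
            idx = SESSION_INDEX.search(m.group("msg"))
            report[m.group("url")] = {
                "session_index": idx.group(1) if idx else None,
                "asynchronous": m.group("async") == "true",
                "status": "prepared",
            }
            continue
        m = NOT_SENT.search(line)
        if m:
            entry = report.setdefault(
                m.group("url"), {"session_index": None, "asynchronous": None})
            entry["status"] = "not_sent"
    return report


if __name__ == "__main__":
    for url, info in audit_slo(SAMPLE_LOG).items():
        print(url, info["status"], info["session_index"])
```
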