У меня система единого входа прекрасно работает, но единый выход не работает.
Сценарий такой:
Кнопка выхода для обоих приложений сначала вызывает session.invalidate ()
, а затем перенаправляет на https: // localhost: 8443 / cas / logout
Фильтр единого выхода - это первый фильтр в файле web.xml. У меня также есть SingleSignOutHttpSessionListener
в web.xml.
Ниже приводится отрывок из моего web.xml
<!-- CAS settings -->
<!-- Use filter init-param if your container does not support context params.
CAS Authentication Filter and CAS Validation Filter need a serverName init-param
in lieu of a context-param definition. -->
<context-param>
<param-name>serverName</param-name>
<param-value>https://localhost:8443</param-value>
</context-param>
<!-- Facilitates CAS single sign-out -->
<listener>
<listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
</listener>
<!--
CAS client filters
Single sign-out filter MUST come first since it needs to be evaluated
before other filters.
-->
<filter>
<filter-name>CAS Single Sign Out Filter</filter-name>
<filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
</filter>
<filter>
<filter-name>CAS Authentication Filter</filter-name>
<!--
IMPORTANT:
Use Saml11AuthenticationFilter for version 3.1.12 and later.
Use org.jasig.cas.client.authentication.AuthenticationFilter for previous
versions.
-->
<filter-class>
org.jasig.cas.client.authentication.Saml11AuthenticationFilter</filter-class>
<init-param>
<param-name>casServerLoginUrl</param-name>
<param-value>https://localhost:8443/cas/login</param-value>
</init-param>
<init-param>
<param-name>service</param-name>
<param-value>https://localhost:8443/JAdaptiv/default.action</param-value>
</init-param>
</filter>
<filter>
<filter-name>CAS Validation Filter</filter-name>
<filter-class>
org.jasig.cas.client.validation.Saml11TicketValidationFilter</filter-class>
<init-param>
<param-name>casServerUrlPrefix</param-name>
<param-value>https://localhost:8443/cas</param-value>
</init-param>
<init-param>
<param-name>redirectAfterValidation</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<!-- Leniency of time checking in ms when validating SAML assertions. Consider
setting this parameter more liberally if you anticipate system clock drift
on your application servers relative to the CAS server. The default is 1000
(1s) and at least one person had problems with drift at that small a tolerance
value. A good approach is to start low and then increase by 1000 as needed
until problems stop. Note that increasing this value may have negative security
implications. Consider fixing clock drift problems as an alternative. -->
<param-name>tolerance</param-name>
<param-value>1000</param-value>
</init-param>
</filter>
<filter>
<filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
<filter-class>
org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
</filter>
<filter>
<filter-name>CAS Assertion Thread Local Filter</filter-name>
<filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>CAS Single Sign Out Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CAS Authentication Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CAS Validation Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CAS Assertion Thread Local Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>