CAS单点登出不起作用 [英] CAS single sign out not working

问题描述

我在Apache Tomcat上安装了CAS服务器（v3.5.2），在JBOSS上安装了2个客户端。
除非单点退出，否则一切正常。

I have installed a CAS server (v3.5.2) on Apache Tomcat and 2 clients on JBOSS. Everything works fine unless single sign out.

我认为我所做的一切都很好，但仍有这个问题。

I think all I made is fine but there is still this problem.

我的配置服务器端：
在WEB-INF\deployerConfigContext.xml中：

My configuration server-side : In WEB-INF\deployerConfigContext.xml :

<bean class="org.jasig.cas.services.RegexRegisteredService">
    <property name="id" value="1" />
    <property name="name" value="HTTP and IMAP on localhost:8080/firstCasClient" />
    <property name="description" value="Allows HTTP(S) and IMAP(S) protocols on localhost:8080/firstCasClient" />
    <property name="serviceId" value="^(https?|imaps?)://([A-Za-z0-9_-]+\.)*localhost:8080/firstCasClient/*" />
    <property name="ssoEnabled" value="true" />
    <property name="enabled" value="true" />
    <property name="evaluationOrder" value="0" />
</bean>

<bean class="org.jasig.cas.services.RegexRegisteredService">
    <property name="id" value="2" />
    <property name="name" value="HTTP and IMAP on localhost:8080/secondCasClient" />
    <property name="description" value="Allows HTTP(S) and IMAP(S) protocols on localhost:8080/secondCasClient" />
    <property name="serviceId" value="^(https?|imaps?)://([A-Za-z0-9_-]+\.)*localhost:8080/secondCasClient/*" />
    <property name="ssoEnabled" value="true" />
    <property name="enabled" value="true" />
    <property name="evaluationOrder" value="1" />
</bean>

客户端配置：
在web.xml中：

Configuration in clients : In web.xml :

<!-- CAS SINGLE SIGN OUT -->
<filter>
    <filter-name>CAS Single Sign Out Filter</filter-name>
    <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
    <init-param>
    <!-- because of use of Saml11TicketValidationFilter -->
        <param-name>artifactParameterName</param-name>
        <param-value>SAMLart</param-value>
    </init-param>
</filter>
<filter-mapping>
    <filter-name>CAS Single Sign Out Filter</filter-name>
    <url-pattern>/*</url-pattern>
    <dispatcher>REQUEST</dispatcher>
    <dispatcher>FORWARD</dispatcher>
</filter-mapping>
<listener>
    <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
</listener>

<!-- other filters -->
<filter>
    <filter-name>CAS Authentication Filter</filter-name>
    <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
    <init-param>
        <param-name>casServerLoginUrl</param-name>
        <param-value>http://localhost:8888/cas-server-webapp-3.5.2/login</param-value>
    </init-param>
    <init-param>
        <param-name>service</param-name>
        <param-value>http://localhost:8080/firstCasClient</param-value>
    </init-param>
</filter>
<filter>
    <filter-name>CAS Validation Filter</filter-name>
    <filter-class>org.jasig.cas.client.validation.Saml11TicketValidationFilter</filter-class>
    <init-param>
        <param-name>casServerUrlPrefix</param-name>
        <param-value>http://localhost:8888/cas-server-webapp-3.5.2</param-value>
    </init-param>
    <init-param>
        <param-name>service</param-name>
        <param-value>http://localhost:8080/firstCasClient</param-value>
    </init-param>
</filter>
<filter>
    <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
    <filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
</filter>
<filter>
    <filter-name>CAS Assertion Thread Local Filter</filter-name>
    <filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>CAS Authentication Filter</filter-name>
    <url-pattern>/*</url-pattern>
    <dispatcher>REQUEST</dispatcher>
    <dispatcher>FORWARD</dispatcher>
</filter-mapping>
<filter-mapping>
    <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
    <url-pattern>/*</url-pattern>
    <dispatcher>REQUEST</dispatcher>
    <dispatcher>FORWARD</dispatcher>
</filter-mapping>
<filter-mapping>
    <filter-name>CAS Validation Filter</filter-name>
    <url-pattern>/*</url-pattern>
    <dispatcher>REQUEST</dispatcher>
    <dispatcher>FORWARD</dispatcher>
</filter-mapping>
<filter-mapping>
    <filter-name>CAS Assertion Thread Local Filter</filter-name>
    <url-pattern>/*</url-pattern>
    <dispatcher>REQUEST</dispatcher>
    <dispatcher>FORWARD</dispatcher>
</filter-mapping>

我希望有人能找到问题
谢谢

I hope someone would find what is wrong thanks anyway

推荐答案

在argumentExtractorsConfiguration.xml文件中确保casArgumentExtractor bean将disableSingleSignOut属性设置为false。如果您看到以下内容：

Make sure in your argumentExtractorsConfiguration.xml file that the casArgumentExtractor bean has the disableSingleSignOut property set to false. If you see the following:

<bean id="casArgumentExtractor"
      class="org.jasig.cas.web.support.CasArgumentExtractor"
      p:httpClient-ref="noRedirectHttpClient"  
      p:disableSingleSignOut="${slo.callbacks.disabled:false}" />

查看你的cas.properties并确保slo.callbacks.disabled未设置为true 。 $ {slo.callbacks.disabled：false} 表示查找该属性，如果未找到，则将其默认为false。

Take a look in your cas.properties and make sure slo.callbacks.disabled is not set to true. the ${slo.callbacks.disabled:false} means look for that property, and if it is not found default it to false.

这篇关于CAS单点登出不起作用的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！