Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

The cas client can not receive cas server single logout callback.Maybe I miss some config? #12

Open
puzzledz opened this issue Jun 4, 2019 · 0 comments
Open

The cas client can not receive cas server single logout callback.Maybe I miss some config? #12

puzzledz opened this issue Jun 4, 2019 · 0 comments

Comments

@puzzledz
Copy link

puzzledz commented Jun 4, 2019

The log part of cas client

[INFO] jetty-9.3.6.v20151106
log4j: reset attribute= "false".
log4j: Threshold ="null".
log4j: Level value for root is  [DEBUG].
log4j: root level set to DEBUG
log4j: Class name: [org.apache.log4j.ConsoleAppender]
log4j: Parsing layout of class: "org.apache.log4j.PatternLayout"
log4j: Setting property [conversionPattern] to [%d{yyyy-MM-dd HH:mm:ss} %-5p %c{1}:%L - %m%n].
log4j: Adding appender named [console] to category [root].
2019-06-04 20:57:54 DEBUG CommonUtils:356 - serviceUrl generated: http://localhost:8083/sample/
2019-06-04 20:57:54 DEBUG AuthenticationFilter:170 - no ticket and no assertion found
2019-06-04 20:57:54 DEBUG AuthenticationFilter:178 - Constructed service url: http://localhost:8083/sample/
2019-06-04 20:57:54 DEBUG AuthenticationFilter:183 - redirecting to "http://localhost:8443/cas/login?service=http%3A%2F%2Flocalhost%3A8083%2Fsample%2F"
2019-06-04 20:58:39 DEBUG SingleSignOutHandler:242 - Recording session for token ST-1-mwxFGto4bRMcxppIs2We-DESKTOP-9HOHOSI
2019-06-04 20:58:39 DEBUG HashMapBackedSessionMappingStorage:56 - Attempting to remove Session=[1rqd7mb71lgjfdtp10pb9qwq4]
2019-06-04 20:58:39 DEBUG HashMapBackedSessionMappingStorage:64 - No mapping for session found.  Ignoring.
2019-06-04 20:58:39 DEBUG Cas30ProxyReceivingTicketValidationFilter:201 - Attempting to validate ticket: ST-1-mwxFGto4bRMcxppIs2We-DESKTOP-9HOHOSI
2019-06-04 20:58:39 DEBUG CommonUtils:356 - serviceUrl generated: http://localhost:8083/sample/
2019-06-04 20:58:39 DEBUG Cas30ServiceTicketValidator:104 - Placing URL parameters in map.
2019-06-04 20:58:39 DEBUG Cas30ServiceTicketValidator:112 - Calling template URL attribute map.
2019-06-04 20:58:39 DEBUG Cas30ServiceTicketValidator:115 - Loading custom parameters from configuration.
2019-06-04 20:58:39 DEBUG Cas30ServiceTicketValidator:189 - Constructing validation url: http://localhost:8443/cas/p3/serviceValidate?ticket=ST-1-mwxFGto4bRMcxppIs2We-DESKTOP-9HOHOSI&service=http%3A%2F%2Flocalhost%3A8083%2Fsample%2F&authn_method=mfa-duo
2019-06-04 20:58:39 DEBUG Cas30ServiceTicketValidator:192 - Retrieving response from server.
2019-06-04 20:58:39 DEBUG Cas30ServiceTicketValidator:199 - Server response: <cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
    <cas:authenticationSuccess>
        <cas:user>casuser</cas:user>
        <cas:attributes>
            <cas:longTermAuthenticationRequestTokenUsed>false</cas:longTermAuthenticationRequestTokenUsed>
            <cas:isFromNewLogin>true</cas:isFromNewLogin>
            <cas:authenticationDate>2019-06-04T20:58:38.719+08:00[Asia/Shanghai]</cas:authenticationDate>
            <cas:authenticationMethod>AcceptUsersAuthenticationHandler</cas:authenticationMethod>
            <cas:successfulAuthenticationHandlers>AcceptUsersAuthenticationHandler</cas:successfulAuthenticationHandlers>
            </cas:attributes>
    </cas:authenticationSuccess>
</cas:serviceResponse>

2019-06-04 20:58:39 DEBUG Cas30ProxyReceivingTicketValidationFilter:207 - Successfully authenticated user: casuser
2019-06-04 20:58:39 DEBUG Cas30ProxyReceivingTicketValidationFilter:217 - Redirecting after successful ticket validation.
2019-06-04 20:58:39 DEBUG CommonUtils:356 - serviceUrl generated: http://localhost:8083/sample/

cas client web.xml

<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">

<!--
   <context-param>
       <param-name>renew</param-name>
       <param-value>true</param-value>
   </context-param>
-->

    <filter>
        <filter-name>CAS Single Sign Out Filter</filter-name>
        <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
        <init-param>
            <param-name>casServerUrlPrefix</param-name>
            <!-- <param-value>https://mmoayyed.unicon.net:8443/cas</param-value> -->
            <param-value>http://localhost:8443/cas</param-value>
        </init-param>
    </filter>

    <listener>
        <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
    </listener>

    <filter>
        <filter-name>CAS Authentication Filter</filter-name>
        <!--<filter-class>org.jasig.cas.client.authentication.Saml11AuthenticationFilter</filter-class>-->
        <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
        <init-param>
            <param-name>casServerLoginUrl</param-name>
            <!-- <param-value>https://mmoayyed.unicon.net:8443/cas/login</param-value> -->
            <param-value>http://localhost:8443/cas/login</param-value>
        </init-param>
        <init-param>
            <param-name>serverName</param-name>
            <!-- <param-value>https://mmoayyed.unicon.net:9443</param-value> -->
            <param-value>http://localhost:8083</param-value>
        </init-param>
    </filter>

    <filter>
        <filter-name>CAS Validation Filter</filter-name>
        <!--<filter-class>org.jasig.cas.client.validation.Saml11TicketValidationFilter</filter-class>-->
        <filter-class>org.jasig.cas.client.validation.Cas30ProxyReceivingTicketValidationFilter</filter-class>
        <init-param>
            <param-name>casServerUrlPrefix</param-name>
            <!-- <param-value>https://mmoayyed.unicon.net:8443/cas</param-value> -->
            <param-value>http://localhost:8443/cas</param-value>
        </init-param>
        <init-param>
            <param-name>serverName</param-name>
            <!-- <param-value>https://mmoayyed.unicon.net:9443</param-value> -->
             <param-value>http://localhost:8083</param-value>
        </init-param>
        <init-param>
            <param-name>redirectAfterValidation</param-name>
            <param-value>true</param-value>
        </init-param>
        <init-param>
            <param-name>useSession</param-name>
            <param-value>true</param-value>
        </init-param>
        <!--
        <init-param>
            <param-name>acceptAnyProxy</param-name>
            <param-value>true</param-value>
        </init-param>
        <init-param>
            <param-name>proxyReceptorUrl</param-name>
            <param-value>/sample/proxyUrl</param-value>
        </init-param>
        <init-param>
            <param-name>proxyCallbackUrl</param-name>
            <param-value>https://mmoayyed.unicon.net:9443/sample/proxyUrl</param-value>
        </init-param>
        -->
        <init-param>
            <param-name>authn_method</param-name>
            <param-value>mfa-duo</param-value>
        </init-param>
    </filter>

    <filter>
        <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
        <filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
    </filter>

    <filter-mapping>
        <filter-name>CAS Single Sign Out Filter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <filter-mapping>
        <filter-name>CAS Validation Filter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <filter-mapping>
        <filter-name>CAS Authentication Filter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <filter-mapping>
        <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <welcome-file-list>
        <welcome-file>
            index.jsp
        </welcome-file>
    </welcome-file-list>
</web-app>

and I also registered service to cas server and set cas.serviceRegistry.initFromJson=true.
cas server service

{
  "@class": "org.apereo.cas.services.RegexRegisteredService",
  "serviceId": "^(https|imaps|http)://localhost:8083.*",
  "name": "Localhost8083",
  "id": 10000006,
  "description": "this is a localhost service",
  "evaluationOrder": 10000000,
  "logoutType" : "BACK_CHANNEL",
  "logoutUrl" : "http://localhost:8083/sample",
  "attributeReleasePolicy": {
    "@class": "org.apereo.cas.services.ReturnAllAttributeReleasePolicy"
  }
}

when I run http://localhost:8443/cas/logout(cas server),and the cas client can not receive cas server single logout callback.
The log part of cas server

2019-06-04 21:30:38,161 DEBUG [org.apereo.cas.logout.DefaultLogoutManager] - <Handling single logout callback for [org.apereo.cas.authentication.principal.SimpleWebApplicationServiceImpl@78fbff0b[id=http://localhost:8083/sample/,originalUrl=http://localhost:8083/sample/,artifactId=<null>,principal=casuser,loggedOutAlready=true,format=XML]]>
2019-06-04 21:30:38,161 DEBUG [org.apereo.cas.logout.DefaultSingleLogoutServiceMessageHandler] - <Processing logout request for service [org.apereo.cas.authentication.principal.SimpleWebApplicationServiceImpl@78fbff0b[id=http://localhost:8083/sample/,originalUrl=http://localhost:8083/sample/,artifactId=<null>,principal=casuser,loggedOutAlready=true,format=XML]]...>
2019-06-04 21:30:38,161 DEBUG [org.apereo.cas.logout.DefaultSingleLogoutServiceMessageHandler] - <Service [org.apereo.cas.authentication.principal.SimpleWebApplicationServiceImpl@78fbff0b[id=http://localhost:8083/sample/,originalUrl=http://localhost:8083/sample/,artifactId=<null>,principal=casuser,loggedOutAlready=true,format=XML]] supports single logout and is found in the registry as [id=10000000,name=ShiroClient-demo,description=ShiroClient-demo service,serviceId=^(https|imaps|http)://localhost:8083.*,usernameAttributeProvider=org.apereo.cas.services.DefaultRegisteredServiceUsernameProvider@d,theme=demo,evaluationOrder=100,logoutType=BACK_CHANNEL,attributeReleasePolicy=org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy@c34d45[attributeFilter=<null>,principalAttributesRepository=org.apereo.cas.authentication.principal.DefaultPrincipalAttributesRepository@608ee0f5[],authorizedToReleaseCredentialPassword=false,authorizedToReleaseProxyGrantingTicket=false,excludeDefaultAttributes=false,principalIdAttribute=<null>,allowedAttributes=[school_multi, email]],accessStrategy=org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy@1f1ad3ff[enabled=true,ssoEnabled=true,requireAllAttributes=true,requiredAttributes={},unauthorizedRedirectUrl=<null>,caseInsensitive=false,rejectedAttributes={}],publicKey=<null>,proxyPolicy=org.apereo.cas.services.RefuseRegisteredServiceProxyPolicy@4dc523be,logo=<null>,logoutUrl=http://localhost:8083/logout,requiredHandlers=[],properties={},multifactorPolicy=org.apereo.cas.services.DefaultRegisteredServiceMultifactorPolicy@7901c19e[multifactorAuthenticationProviders=[],failureMode=CLOSED,principalAttributeNameTrigger=<null>,principalAttributeValueToMatch=<null>,bypassEnabled=false],informationUrl=<null>,privacyUrl=<null>,<null>]. Proceeding...>
2019-06-04 21:30:38,161 DEBUG [org.apereo.cas.logout.DefaultSingleLogoutServiceLogoutUrlBuilder] - <Logout request will be sent to [http://localhost:8083/logout] for service [org.apereo.cas.authentication.principal.SimpleWebApplicationServiceImpl@78fbff0b[id=http://localhost:8083/sample/,originalUrl=http://localhost:8083/sample/,artifactId=<null>,principal=casuser,loggedOutAlready=true,format=XML]]>
2019-06-04 21:30:38,161 DEBUG [org.apereo.cas.logout.DefaultSingleLogoutServiceMessageHandler] - <Prepared logout url [http://localhost:8083/logout] for service [org.apereo.cas.authentication.principal.SimpleWebApplicationServiceImpl@78fbff0b[id=http://localhost:8083/sample/,originalUrl=http://localhost:8083/sample/,artifactId=<null>,principal=casuser,loggedOutAlready=true,format=XML]]>
2019-06-04 21:30:38,161 DEBUG [org.apereo.cas.logout.DefaultSingleLogoutServiceMessageHandler] - <Creating logout request for [org.apereo.cas.authentication.principal.SimpleWebApplicationServiceImpl@78fbff0b[id=http://localhost:8083/sample/,originalUrl=http://localhost:8083/sample/,artifactId=<null>,principal=casuser,loggedOutAlready=true,format=XML]] and ticket id [ST-2-Cz1Eyy9fTLSPWcbJTcro-DESKTOP-9HOHOSI]>
2019-06-04 21:30:38,161 DEBUG [org.apereo.cas.logout.DefaultSingleLogoutServiceMessageHandler] - <Logout request [org.apereo.cas.logout.DefaultLogoutRequest@32c309f0[ticketId=ST-2-Cz1Eyy9fTLSPWcbJTcro-DESKTOP-9HOHOSI,service=org.apereo.cas.authentication.principal.SimpleWebApplicationServiceImpl@78fbff0b[id=http://localhost:8083/sample/,originalUrl=http://localhost:8083/sample/,artifactId=<null>,principal=casuser,loggedOutAlready=true,format=XML],status=SUCCESS]] created for [org.apereo.cas.authentication.principal.SimpleWebApplicationServiceImpl@78fbff0b[id=http://localhost:8083/sample/,originalUrl=http://localhost:8083/sample/,artifactId=<null>,principal=casuser,loggedOutAlready=true,format=XML]] and ticket id [ST-2-Cz1Eyy9fTLSPWcbJTcro-DESKTOP-9HOHOSI]>
2019-06-04 21:30:38,161 DEBUG [org.apereo.cas.logout.DefaultSingleLogoutServiceMessageHandler] - <Logout type registered for [org.apereo.cas.authentication.principal.SimpleWebApplicationServiceImpl@78fbff0b[id=http://localhost:8083/sample/,originalUrl=http://localhost:8083/sample/,artifactId=<null>,principal=casuser,loggedOutAlready=true,format=XML]] is [BACK_CHANNEL]>
2019-06-04 21:30:38,161 DEBUG [org.apereo.cas.logout.DefaultSingleLogoutServiceMessageHandler] - <Creating back-channel logout request based on [org.apereo.cas.logout.DefaultLogoutRequest@32c309f0[ticketId=ST-2-Cz1Eyy9fTLSPWcbJTcro-DESKTOP-9HOHOSI,service=org.apereo.cas.authentication.principal.SimpleWebApplicationServiceImpl@78fbff0b[id=http://localhost:8083/sample/,originalUrl=http://localhost:8083/sample/,artifactId=<null>,principal=casuser,loggedOutAlready=true,format=XML],status=SUCCESS]]>
2019-06-04 21:30:38,162 DEBUG [org.apereo.cas.logout.SamlCompliantLogoutMessageCreator] - <Generated logout message: [<samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="LR-3-UwxHvvQlWqFwQlg6OqWrDOsmHhyC1SQsM6j" Version="2.0" IssueInstant="2019-06-04T21:30:38Z"><saml:NameID xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">@NOT_USED@</saml:NameID><samlp:SessionIndex>ST-2-Cz1Eyy9fTLSPWcbJTcro-DESKTOP-9HOHOSI</samlp:SessionIndex></samlp:LogoutRequest>]>
2019-06-04 21:30:38,162 DEBUG [org.apereo.cas.logout.DefaultSingleLogoutServiceMessageHandler] - <Preparing logout request for [http://localhost:8083/sample/] to [http://localhost:8083/logout]>
2019-06-04 21:30:38,162 DEBUG [org.apereo.cas.logout.DefaultSingleLogoutServiceMessageHandler] - <Prepared logout message to send is [org.apereo.cas.logout.LogoutHttpMessage@2ff024[url=http://localhost:8083/logout,message=<samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="LR-3-UwxHvvQlWqFwQlg6OqWrDOsmHhyC1SQsM6j" Version="2.0" IssueInstant="2019-06-04T21:30:38Z"><saml:NameID xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">@NOT_USED@</saml:NameID><samlp:SessionIndex>ST-2-Cz1Eyy9fTLSPWcbJTcro-DESKTOP-9HOHOSI</samlp:SessionIndex></samlp:LogoutRequest>,asynchronous=true,contentType=application/x-www-form-urlencoded,responseCode=0]]. Sending...>
2019-06-04 21:30:38,163 DEBUG [org.apereo.cas.logout.DefaultLogoutManager] - <Captured logout request [org.apereo.cas.logout.DefaultLogoutRequest@32c309f0[ticketId=ST-2-Cz1Eyy9fTLSPWcbJTcro-DESKTOP-9HOHOSI,service=org.apereo.cas.authentication.principal.SimpleWebApplicationServiceImpl@78fbff0b[id=http://localhost:8083/sample/,originalUrl=http://localhost:8083/sample/,artifactId=<null>,principal=casuser,loggedOutAlready=true,format=XML],status=SUCCESS]]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@puzzledz