Monday, 7 October 2013

[JasperServer 5.2] Single Sign out from CAS

Single Sign Out gave me a lot of headaches for a few days (LOL). Please note that this applies when I use CAS Server 3.5.2 and CAS Client above 3.1.5 (Jasper bundled); I haven't tested any other version yet.

Please refer to this post for additional information:
http://jaspershare.blogspot.sg/2013/10/concurrent-user-control.html

Here are the steps using the overlay method:
1. Open the file "/WEB-INF/applicationContext-externalAuth-CAS-db-mt.xml"
2. Add the single logout filter bean

<bean id="singleLogoutFilter" class="org.jasig.cas.client.session.SingleSignOutFilter" />

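3. Very important! Find bean id "proxyAuthenticationProcessingFilter" and change the property "invalidateSessionOnSuccessfulAuthentication" to false. Spring Security documents this property as a guard against session fixation, so setting it to false gives up that session renewal at login in exchange for working single sign out.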

<property name="invalidateSessionOnSuccessfulAuthentication" value="false"/>

4. Open the file "/WEB-INF/applicationContext-security-web.xml"
5. Find bean id "filterChainProxy" and, for pattern "/**", add "logoutFilter,singleLogoutFilter" before "httpSessionContextIntegrationFilter". Please refer to another blog post for what "logoutFilter" is.
6. Very important! XML validation of the logout request will fail because of the default Jasper behaviour. Therefore, we need to add a new pattern to the file "/WEB-INF/classes/esapi/security.properties" below "DEFAULT"

#########################################################
# Logout Context
logoutRequest=AlphaUnderscore,Script,1000,true,logoutRequest-Logout_context


7. Next we need to register this by opening the file "/WEB-INF/web.xml"
8. Add a new listener

<!-- listener to respond to single sign out -->
<listener>
    <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
</listener>

9. Add a new filter for Single Logout

<filter>
    <filter-name>CAS Single Sign Out Filter</filter-name>
    <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>CAS Single Sign Out Filter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>


10. For me, I need to put the configuration in one place, so I add a property file to the classpath by modifying the file "/WEB-INF/applicationContext-webapp.xml"
11. Find bean id "propertyConfigurer"
12. Add a new value inside the property "locations"

<value>classpath*:jasperserver-cas.properties</value>

13. I can then make use of ${cas.slo.expired.path} as stated above
14. Start up the application and enjoy. Logout from the CAS server will be processed accordingly.
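
A simplified model of why step 3 matters, as an added example that is not part of the original post and not code from the CAS client. It assumes the single sign-out filter records the HTTP session under the service ticket before the authentication filter runs, and that a destroyed session drops its mapping; the class and function names are hypothetical and the ticket and logout message are constructed samples.

```python
import re
import uuid

class Container:
    """Toy servlet container plus the ticket-to-session map kept by the single sign-out filter."""
    def __init__(self):
        self.live = set()       # ids of live HTTP sessions
        self.by_ticket = {}     # service ticket -> session id

    def new_session(self):
        sid = uuid.uuid4().hex
        self.live.add(sid)
        return sid

    def invalidate(self, sid):
        # Assumed model of SingleSignOutHttpSessionListener: a destroyed session drops its mapping.
        self.live.discard(sid)
        self.by_ticket = {t: s for t, s in self.by_ticket.items() if s != sid}

    def login(self, ticket, invalidate_on_success):
        """Callback request carrying the ticket; returns the session the browser ends up with."""
        sid = self.new_session()
        self.by_ticket[ticket] = sid       # single sign-out filter records the session
        if invalidate_on_success:          # authentication filter then renews the session
            self.invalidate(sid)
            sid = self.new_session()
        return sid

    def back_channel_logout(self, message):
        """POST from the CAS server with a logoutRequest parameter; returns the session ended, if any."""
        m = re.search(r"<samlp:SessionIndex>([^<]+)</samlp:SessionIndex>", message)
        sid = self.by_ticket.get(m.group(1)) if m else None
        if sid:
            self.invalidate(sid)
        return sid

def logout_request(ticket):
    # Constructed sample in the shape of a CAS logout message.
    return ('<samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
            'ID="LR-constructed" Version="2.0"><samlp:SessionIndex>%s'
            '</samlp:SessionIndex></samlp:LogoutRequest>' % ticket)

def session_survives_logout(invalidate_on_success):
    c = Container()
    ticket = "ST-1-constructed-cas"
    browser_session = c.login(ticket, invalidate_on_success)
    c.back_channel_logout(logout_request(ticket))
    return browser_session in c.live
```

With the property left at true, the browser's session outlives the CAS logout in this model; with false, the logout request ends it.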

Additional info:
1. If you want to remove the logout link from JasperServer, open the file "/WEB-INF/decorators/decorator.jsp", then comment out this section

<li id="main_logOut" class="last"><a id="main_logOut_link"><spring:message code="menu.logout"/></a></li>

2. If you want to show additional logging for CAS, just add this line to the file "/WEB-INF/log4j.properties"

log4j.logger.org.jasig.cas.client=debug

Cheers,
Deddy

1 comment:

  1. Thanks for the time you put into this. I was able to adjust it slightly to work with our client's 4.5.1 version of Jasper Reports Server.

    I found I had:
    - to add in the "singleLogoutFilter" to the "/j_spring_cas_security_check" under the "filterInvocationDefinitionSource" property
    - Did not have to add in the explicit "filter-mapping" to the web.xml
