Skip to content

The cas client can not receive cas server single logout callback.Maybe I miss some config? #12

New issue
New issue
Open
Open
The cas client can not receive cas server single logout callback.Maybe I miss some config?#12
@puzzledz

Description

@puzzledz
puzzledz
opened on Jun 4, 2019

The log part of cas client

[INFO] jetty-9.3.6.v20151106
log4j: reset attribute= "false".
log4j: Threshold ="null".
log4j: Level value for root is  [DEBUG].
log4j: root level set to DEBUG
log4j: Class name: [org.apache.log4j.ConsoleAppender]
log4j: Parsing layout of class: "org.apache.log4j.PatternLayout"
log4j: Setting property [conversionPattern] to [%d{yyyy-MM-dd HH:mm:ss} %-5p %c{1}:%L - %m%n].
log4j: Adding appender named [console] to category [root].
2019-06-04 20:57:54 DEBUG CommonUtils:356 - serviceUrl generated: http://localhost:8083/sample/
2019-06-04 20:57:54 DEBUG AuthenticationFilter:170 - no ticket and no assertion found
2019-06-04 20:57:54 DEBUG AuthenticationFilter:178 - Constructed service url: http://localhost:8083/sample/
2019-06-04 20:57:54 DEBUG AuthenticationFilter:183 - redirecting to "http://localhost:8443/cas/login?service=http%3A%2F%2Flocalhost%3A8083%2Fsample%2F"
2019-06-04 20:58:39 DEBUG SingleSignOutHandler:242 - Recording session for token ST-1-mwxFGto4bRMcxppIs2We-DESKTOP-9HOHOSI
2019-06-04 20:58:39 DEBUG HashMapBackedSessionMappingStorage:56 - Attempting to remove Session=[1rqd7mb71lgjfdtp10pb9qwq4]
2019-06-04 20:58:39 DEBUG HashMapBackedSessionMappingStorage:64 - No mapping for session found.  Ignoring.
2019-06-04 20:58:39 DEBUG Cas30ProxyReceivingTicketValidationFilter:201 - Attempting to validate ticket: ST-1-mwxFGto4bRMcxppIs2We-DESKTOP-9HOHOSI
2019-06-04 20:58:39 DEBUG CommonUtils:356 - serviceUrl generated: http://localhost:8083/sample/
2019-06-04 20:58:39 DEBUG Cas30ServiceTicketValidator:104 - Placing URL parameters in map.
2019-06-04 20:58:39 DEBUG Cas30ServiceTicketValidator:112 - Calling template URL attribute map.
2019-06-04 20:58:39 DEBUG Cas30ServiceTicketValidator:115 - Loading custom parameters from configuration.
2019-06-04 20:58:39 DEBUG Cas30ServiceTicketValidator:189 - Constructing validation url: http://localhost:8443/cas/p3/serviceValidate?ticket=ST-1-mwxFGto4bRMcxppIs2We-DESKTOP-9HOHOSI&service=http%3A%2F%2Flocalhost%3A8083%2Fsample%2F&authn_method=mfa-duo
2019-06-04 20:58:39 DEBUG Cas30ServiceTicketValidator:192 - Retrieving response from server.
2019-06-04 20:58:39 DEBUG Cas30ServiceTicketValidator:199 - Server response: <cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
    <cas:authenticationSuccess>
        <cas:user>casuser</cas:user>
        <cas:attributes>
            <cas:longTermAuthenticationRequestTokenUsed>false</cas:longTermAuthenticationRequestTokenUsed>
            <cas:isFromNewLogin>true</cas:isFromNewLogin>
            <cas:authenticationDate>2019-06-04T20:58:38.719+08:00[Asia/Shanghai]</cas:authenticationDate>
            <cas:authenticationMethod>AcceptUsersAuthenticationHandler</cas:authenticationMethod>
            <cas:successfulAuthenticationHandlers>AcceptUsersAuthenticationHandler</cas:successfulAuthenticationHandlers>
            </cas:attributes>
    </cas:authenticationSuccess>
</cas:serviceResponse>

2019-06-04 20:58:39 DEBUG Cas30ProxyReceivingTicketValidationFilter:207 - Successfully authenticated user: casuser
2019-06-04 20:58:39 DEBUG Cas30ProxyReceivingTicketValidationFilter:217 - Redirecting after successful ticket validation.
2019-06-04 20:58:39 DEBUG CommonUtils:356 - serviceUrl generated: http://localhost:8083/sample/

cas client web.xml

<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">

<!--
   <context-param>
       <param-name>renew</param-name>
       <param-value>true</param-value>
   </context-param>
-->

    <filter>
        <filter-name>CAS Single Sign Out Filter</filter-name>
        <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
        <init-param>
            <param-name>casServerUrlPrefix</param-name>
            <!-- <param-value>https://mmoayyed.unicon.net:8443/cas</param-value> -->
            <param-value>http://localhost:8443/cas</param-value>
        </init-param>
    </filter>

    <listener>
        <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
    </listener>

    <filter>
        <filter-name>CAS Authentication Filter</filter-name>
        <!--<filter-class>org.jasig.cas.client.authentication.Saml11AuthenticationFilter</filter-class>-->
        <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
        <init-param>
            <param-name>casServerLoginUrl</param-name>
            <!-- <param-value>https://mmoayyed.unicon.net:8443/cas/login</param-value> -->
            <param-value>http://localhost:8443/cas/login</param-value>
        </init-param>
        <init-param>
            <param-name>serverName</param-name>
            <!-- <param-value>https://mmoayyed.unicon.net:9443</param-value> -->
            <param-value>http://localhost:8083</param-value>
        </init-param>
    </filter>

    <filter>
        <filter-name>CAS Validation Filter</filter-name>
        <!--<filter-class>org.jasig.cas.client.validation.Saml11TicketValidationFilter</filter-class>-->
        <filter-class>org.jasig.cas.client.validation.Cas30ProxyReceivingTicketValidationFilter</filter-class>
        <init-param>
            <param-name>casServerUrlPrefix</param-name>
            <!-- <param-value>https://mmoayyed.unicon.net:8443/cas</param-value> -->
            <param-value>http://localhost:8443/cas</param-value>
        </init-param>
        <init-param>
            <param-name>serverName</param-name>
            <!-- <param-value>https://mmoayyed.unicon.net:9443</param-value> -->
             <param-value>http://localhost:8083</param-value>
        </init-param>
        <init-param>
            <param-name>redirectAfterValidation</param-name>
            <param-value>true</param-value>
        </init-param>
        <init-param>
            <param-name>useSession</param-name>
            <param-value>true</param-value>
        </init-param>
        <!--
        <init-param>
            <param-name>acceptAnyProxy</param-name>
            <param-value>true</param-value>
        </init-param>
        <init-param>
            <param-name>proxyReceptorUrl</param-name>
            <param-value>/sample/proxyUrl</param-value>
        </init-param>
        <init-param>
            <param-name>proxyCallbackUrl</param-name>
            <param-value>https://mmoayyed.unicon.net:9443/sample/proxyUrl</param-value>
        </init-param>
        -->
        <init-param>
            <param-name>authn_method</param-name>
            <param-value>mfa-duo</param-value>
        </init-param>
    </filter>

    <filter>
        <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
        <filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
    </filter>

    <filter-mapping>
        <filter-name>CAS Single Sign Out Filter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <filter-mapping>
        <filter-name>CAS Validation Filter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <filter-mapping>
        <filter-name>CAS Authentication Filter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <filter-mapping>
        <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <welcome-file-list>
        <welcome-file>
            index.jsp
        </welcome-file>
    </welcome-file-list>
</web-app>

and I also registered service to cas server and set cas.serviceRegistry.initFromJson=true.
cas server service

{
  "@class": "org.apereo.cas.services.RegexRegisteredService",
  "serviceId": "^(https|imaps|http)://localhost:8083.*",
  "name": "Localhost8083",
  "id": 10000006,
  "description": "this is a localhost service",
  "evaluationOrder": 10000000,
  "logoutType" : "BACK_CHANNEL",
  "logoutUrl" : "http://localhost:8083/sample",
  "attributeReleasePolicy": {
    "@class": "org.apereo.cas.services.ReturnAllAttributeReleasePolicy"
  }
}

when I run http://localhost:8443/cas/logout(cas server),and the cas client can not receive cas server single logout callback.
The log part of cas server

2019-06-04 21:30:38,161 DEBUG [org.apereo.cas.logout.DefaultLogoutManager] - <Handling single logout callback for [org.apereo.cas.authentication.principal.SimpleWebApplicationServiceImpl@78fbff0b[id=http://localhost:8083/sample/,originalUrl=http://localhost:8083/sample/,artifactId=<null>,principal=casuser,loggedOutAlready=true,format=XML]]>
2019-06-04 21:30:38,161 DEBUG [org.apereo.cas.logout.DefaultSingleLogoutServiceMessageHandler] - <Processing logout request for service [org.apereo.cas.authentication.principal.SimpleWebApplicationServiceImpl@78fbff0b[id=http://localhost:8083/sample/,originalUrl=http://localhost:8083/sample/,artifactId=<null>,principal=casuser,loggedOutAlready=true,format=XML]]...>
2019-06-04 21:30:38,161 DEBUG [org.apereo.cas.logout.DefaultSingleLogoutServiceMessageHandler] - <Service [org.apereo.cas.authentication.principal.SimpleWebApplicationServiceImpl@78fbff0b[id=http://localhost:8083/sample/,originalUrl=http://localhost:8083/sample/,artifactId=<null>,principal=casuser,loggedOutAlready=true,format=XML]] supports single logout and is found in the registry as [id=10000000,name=ShiroClient-demo,description=ShiroClient-demo service,serviceId=^(https|imaps|http)://localhost:8083.*,usernameAttributeProvider=org.apereo.cas.services.DefaultRegisteredServiceUsernameProvider@d,theme=demo,evaluationOrder=100,logoutType=BACK_CHANNEL,attributeReleasePolicy=org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy@c34d45[attributeFilter=<null>,principalAttributesRepository=org.apereo.cas.authentication.principal.DefaultPrincipalAttributesRepository@608ee0f5[],authorizedToReleaseCredentialPassword=false,authorizedToReleaseProxyGrantingTicket=false,excludeDefaultAttributes=false,principalIdAttribute=<null>,allowedAttributes=[school_multi, email]],accessStrategy=org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy@1f1ad3ff[enabled=true,ssoEnabled=true,requireAllAttributes=true,requiredAttributes={},unauthorizedRedirectUrl=<null>,caseInsensitive=false,rejectedAttributes={}],publicKey=<null>,proxyPolicy=org.apereo.cas.services.RefuseRegisteredServiceProxyPolicy@4dc523be,logo=<null>,logoutUrl=http://localhost:8083/logout,requiredHandlers=[],properties={},multifactorPolicy=org.apereo.cas.services.DefaultRegisteredServiceMultifactorPolicy@7901c19e[multifactorAuthenticationProviders=[],failureMode=CLOSED,principalAttributeNameTrigger=<null>,principalAttributeValueToMatch=<null>,bypassEnabled=false],informationUrl=<null>,privacyUrl=<null>,<null>]. Proceeding...>
2019-06-04 21:30:38,161 DEBUG [org.apereo.cas.logout.DefaultSingleLogoutServiceLogoutUrlBuilder] - <Logout request will be sent to [http://localhost:8083/logout] for service [org.apereo.cas.authentication.principal.SimpleWebApplicationServiceImpl@78fbff0b[id=http://localhost:8083/sample/,originalUrl=http://localhost:8083/sample/,artifactId=<null>,principal=casuser,loggedOutAlready=true,format=XML]]>
2019-06-04 21:30:38,161 DEBUG [org.apereo.cas.logout.DefaultSingleLogoutServiceMessageHandler] - <Prepared logout url [http://localhost:8083/logout] for service [org.apereo.cas.authentication.principal.SimpleWebApplicationServiceImpl@78fbff0b[id=http://localhost:8083/sample/,originalUrl=http://localhost:8083/sample/,artifactId=<null>,principal=casuser,loggedOutAlready=true,format=XML]]>
2019-06-04 21:30:38,161 DEBUG [org.apereo.cas.logout.DefaultSingleLogoutServiceMessageHandler] - <Creating logout request for [org.apereo.cas.authentication.principal.SimpleWebApplicationServiceImpl@78fbff0b[id=http://localhost:8083/sample/,originalUrl=http://localhost:8083/sample/,artifactId=<null>,principal=casuser,loggedOutAlready=true,format=XML]] and ticket id [ST-2-Cz1Eyy9fTLSPWcbJTcro-DESKTOP-9HOHOSI]>
2019-06-04 21:30:38,161 DEBUG [org.apereo.cas.logout.DefaultSingleLogoutServiceMessageHandler] - <Logout request [org.apereo.cas.logout.DefaultLogoutRequest@32c309f0[ticketId=ST-2-Cz1Eyy9fTLSPWcbJTcro-DESKTOP-9HOHOSI,service=org.apereo.cas.authentication.principal.SimpleWebApplicationServiceImpl@78fbff0b[id=http://localhost:8083/sample/,originalUrl=http://localhost:8083/sample/,artifactId=<null>,principal=casuser,loggedOutAlready=true,format=XML],status=SUCCESS]] created for [org.apereo.cas.authentication.principal.SimpleWebApplicationServiceImpl@78fbff0b[id=http://localhost:8083/sample/,originalUrl=http://localhost:8083/sample/,artifactId=<null>,principal=casuser,loggedOutAlready=true,format=XML]] and ticket id [ST-2-Cz1Eyy9fTLSPWcbJTcro-DESKTOP-9HOHOSI]>
2019-06-04 21:30:38,161 DEBUG [org.apereo.cas.logout.DefaultSingleLogoutServiceMessageHandler] - <Logout type registered for [org.apereo.cas.authentication.principal.SimpleWebApplicationServiceImpl@78fbff0b[id=http://localhost:8083/sample/,originalUrl=http://localhost:8083/sample/,artifactId=<null>,principal=casuser,loggedOutAlready=true,format=XML]] is [BACK_CHANNEL]>
2019-06-04 21:30:38,161 DEBUG [org.apereo.cas.logout.DefaultSingleLogoutServiceMessageHandler] - <Creating back-channel logout request based on [org.apereo.cas.logout.DefaultLogoutRequest@32c309f0[ticketId=ST-2-Cz1Eyy9fTLSPWcbJTcro-DESKTOP-9HOHOSI,service=org.apereo.cas.authentication.principal.SimpleWebApplicationServiceImpl@78fbff0b[id=http://localhost:8083/sample/,originalUrl=http://localhost:8083/sample/,artifactId=<null>,principal=casuser,loggedOutAlready=true,format=XML],status=SUCCESS]]>
2019-06-04 21:30:38,162 DEBUG [org.apereo.cas.logout.SamlCompliantLogoutMessageCreator] - <Generated logout message: [<samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="LR-3-UwxHvvQlWqFwQlg6OqWrDOsmHhyC1SQsM6j" Version="2.0" IssueInstant="2019-06-04T21:30:38Z"><saml:NameID xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">@NOT_USED@</saml:NameID><samlp:SessionIndex>ST-2-Cz1Eyy9fTLSPWcbJTcro-DESKTOP-9HOHOSI</samlp:SessionIndex></samlp:LogoutRequest>]>
2019-06-04 21:30:38,162 DEBUG [org.apereo.cas.logout.DefaultSingleLogoutServiceMessageHandler] - <Preparing logout request for [http://localhost:8083/sample/] to [http://localhost:8083/logout]>
2019-06-04 21:30:38,162 DEBUG [org.apereo.cas.logout.DefaultSingleLogoutServiceMessageHandler] - <Prepared logout message to send is [org.apereo.cas.logout.LogoutHttpMessage@2ff024[url=http://localhost:8083/logout,message=<samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="LR-3-UwxHvvQlWqFwQlg6OqWrDOsmHhyC1SQsM6j" Version="2.0" IssueInstant="2019-06-04T21:30:38Z"><saml:NameID xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">@NOT_USED@</saml:NameID><samlp:SessionIndex>ST-2-Cz1Eyy9fTLSPWcbJTcro-DESKTOP-9HOHOSI</samlp:SessionIndex></samlp:LogoutRequest>,asynchronous=true,contentType=application/x-www-form-urlencoded,responseCode=0]]. Sending...>
2019-06-04 21:30:38,163 DEBUG [org.apereo.cas.logout.DefaultLogoutManager] - <Captured logout request [org.apereo.cas.logout.DefaultLogoutRequest@32c309f0[ticketId=ST-2-Cz1Eyy9fTLSPWcbJTcro-DESKTOP-9HOHOSI,service=org.apereo.cas.authentication.principal.SimpleWebApplicationServiceImpl@78fbff0b[id=http://localhost:8083/sample/,originalUrl=http://localhost:8083/sample/,artifactId=<null>,principal=casuser,loggedOutAlready=true,format=XML],status=SUCCESS]]>

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions