Foros de discusión
Liferay and Single Logout with CAS
Sasha M, modificado hace 7 años.
Liferay and Single Logout with CAS
New Member Mensajes: 3 Fecha de incorporación: 14/11/16 Mensajes recientes
Hello,
I integrated CAS server and Liferay ( Liferay Portal Community Edition 6.2 CE GA6 ).
Login works excellent.
But Single Logout (SLO) is not works. If I logout from https://{cas server}/cas/logout, liferay user session is still login.
How can I configure Single Logout feature?
Thanks
I integrated CAS server and Liferay ( Liferay Portal Community Edition 6.2 CE GA6 ).
Login works excellent.
But Single Logout (SLO) is not works. If I logout from https://{cas server}/cas/logout, liferay user session is still login.
How can I configure Single Logout feature?
Thanks
David H Nebinger, modificado hace 7 años.
RE: Liferay and Single Logout with CAS
Liferay Legend Mensajes: 14919 Fecha de incorporación: 2/09/06 Mensajes recientes
Are you handling the logout from Liferay or going directly to cas?
Sasha M, modificado hace 7 años.
RE: Liferay and Single Logout with CAS
New Member Mensajes: 3 Fecha de incorporación: 14/11/16 Mensajes recientes
I am trying logout directly from cas.
And in cas server log I can see POST logout request to Liferay server:
2016-11-22 12:37:39,824 DEBUG [org.apache.http.impl.execchain.MainClientExec] - <Opening connection {s}->https://jrs2.ncu.com.ua:443>
2016-11-22 12:37:39,825 DEBUG [org.apache.http.impl.conn.DefaultHttpClientConnectionOperator] - <Connecting to jrs2.ncu.com.ua/192.168.60.217:443>
2016-11-22 12:37:39,854 DEBUG [org.apache.http.impl.conn.DefaultHttpClientConnectionOperator] - <Connection established 192.168.60.217:50985<->192.168.60.217:443>
2016-11-22 12:37:39,854 DEBUG [org.apache.http.impl.conn.DefaultManagedHttpClientConnection] - <http-outgoing-1: set socket timeout to 5000>
2016-11-22 12:37:39,855 DEBUG [org.apache.http.impl.execchain.MainClientExec] - <Executing request POST /liferay/c/portal/login HTTP/1.1>
2016-11-22 12:37:39,855 DEBUG [org.apache.http.impl.execchain.MainClientExec] - <Target auth state: UNCHALLENGED>
2016-11-22 12:37:39,855 DEBUG [org.apache.http.impl.execchain.MainClientExec] - <Proxy auth state: UNCHALLENGED>
2016-11-22 12:37:39,855 DEBUG [org.apache.http.headers] - <http-outgoing-1 >> POST /liferay/c/portal/login HTTP/1.1>
2016-11-22 12:37:39,855 DEBUG [org.apache.http.headers] - <http-outgoing-1 >> Content-Type: application/x-www-form-urlencoded>
2016-11-22 12:37:39,855 DEBUG [org.apache.http.headers] - <http-outgoing-1 >> Content-Length: 476>
2016-11-22 12:37:39,855 DEBUG [org.apache.http.headers] - <http-outgoing-1 >> Host: jrs2.ncu.com.ua>
2016-11-22 12:37:39,855 DEBUG [org.apache.http.headers] - <http-outgoing-1 >> Connection: Keep-Alive>
2016-11-22 12:37:39,855 DEBUG [org.apache.http.headers] - <http-outgoing-1 >> User-Agent: Apache-HttpClient/4.5.2 (Java/1.7.0_80)>
2016-11-22 12:37:39,855 DEBUG [org.apache.http.headers] - <http-outgoing-1 >> Cookie: JSESSIONID=18E9A568B2DF2052B7AEEB231D89954F>
2016-11-22 12:37:39,855 DEBUG [org.apache.http.headers] - <http-outgoing-1 >> Accept-Encoding: gzip,deflate>
2016-11-22 12:37:39,855 DEBUG [org.apache.http.wire] - <http-outgoing-1 >> "POST /liferay/c/portal/login HTTP/1.1[\r][\n]">
2016-11-22 12:37:39,855 DEBUG [org.apache.http.wire] - <http-outgoing-1 >> "Content-Type: application/x-www-form-urlencoded[\r][\n]">
2016-11-22 12:37:39,855 DEBUG [org.apache.http.wire] - <http-outgoing-1 >> "Content-Length: 476[\r][\n]">
2016-11-22 12:37:39,855 DEBUG [org.apache.http.wire] - <http-outgoing-1 >> "Host: jrs2.ncu.com.ua[\r][\n]">
2016-11-22 12:37:39,855 DEBUG [org.apache.http.wire] - <http-outgoing-1 >> "Connection: Keep-Alive[\r][\n]">
2016-11-22 12:37:39,855 DEBUG [org.apache.http.wire] - <http-outgoing-1 >> "User-Agent: Apache-HttpClient/4.5.2 (Java/1.7.0_80)[\r][\n]">
2016-11-22 12:37:39,856 DEBUG [org.apache.http.wire] - <http-outgoing-1 >> "Cookie: JSESSIONID=18E9A568B2DF2052B7AEEB231D89954F[\r][\n]">
2016-11-22 12:37:39,856 DEBUG [org.apache.http.wire] - <http-outgoing-1 >> "Accept-Encoding: gzip,deflate[\r][\n]">
2016-11-22 12:37:39,856 DEBUG [org.apache.http.wire] - <http-outgoing-1 >> "[\r][\n]">
2016-11-22 12:37:39,856 DEBUG [org.apache.http.wire] - <http-outgoing-1 >> "logoutRequest=%3Csamlp%3ALogoutRequest+xmlns%3Asamlp%3D%22urn%3Aoasis%3Anames%3Atc%3ASAML%3A2.0%3Aprotocol%22+ID%3D%22LR-2-ogwHPG4UWA5
wVGTydbf2zbwRGEJJ7e3qlks%22+Version%3D%222.0%22+IssueInstant%3D%222016-11-22T12%3A37%3A39Z%22%3E%3Csaml%3ANameID+xmlns%3Asaml%3D%22urn%3Aoasis%3Anames%3Atc%3ASAML%3A2.0%3Aassertion%22%3E%40NOT_USED%40%3C%2Fsaml
%3ANameID%3E%3Csamlp%3ASessionIndex%3EST-2-NwN5gSzDnSw3SH2O6y6X-localhost%3C%2Fsamlp%3ASessionIndex%3E%3C%2Fsamlp%3ALogoutRequest%3E">
But user still login Liferay.
Thanks!
And in cas server log I can see POST logout request to Liferay server:
2016-11-22 12:37:39,824 DEBUG [org.apache.http.impl.execchain.MainClientExec] - <Opening connection {s}->https://jrs2.ncu.com.ua:443>
2016-11-22 12:37:39,825 DEBUG [org.apache.http.impl.conn.DefaultHttpClientConnectionOperator] - <Connecting to jrs2.ncu.com.ua/192.168.60.217:443>
2016-11-22 12:37:39,854 DEBUG [org.apache.http.impl.conn.DefaultHttpClientConnectionOperator] - <Connection established 192.168.60.217:50985<->192.168.60.217:443>
2016-11-22 12:37:39,854 DEBUG [org.apache.http.impl.conn.DefaultManagedHttpClientConnection] - <http-outgoing-1: set socket timeout to 5000>
2016-11-22 12:37:39,855 DEBUG [org.apache.http.impl.execchain.MainClientExec] - <Executing request POST /liferay/c/portal/login HTTP/1.1>
2016-11-22 12:37:39,855 DEBUG [org.apache.http.impl.execchain.MainClientExec] - <Target auth state: UNCHALLENGED>
2016-11-22 12:37:39,855 DEBUG [org.apache.http.impl.execchain.MainClientExec] - <Proxy auth state: UNCHALLENGED>
2016-11-22 12:37:39,855 DEBUG [org.apache.http.headers] - <http-outgoing-1 >> POST /liferay/c/portal/login HTTP/1.1>
2016-11-22 12:37:39,855 DEBUG [org.apache.http.headers] - <http-outgoing-1 >> Content-Type: application/x-www-form-urlencoded>
2016-11-22 12:37:39,855 DEBUG [org.apache.http.headers] - <http-outgoing-1 >> Content-Length: 476>
2016-11-22 12:37:39,855 DEBUG [org.apache.http.headers] - <http-outgoing-1 >> Host: jrs2.ncu.com.ua>
2016-11-22 12:37:39,855 DEBUG [org.apache.http.headers] - <http-outgoing-1 >> Connection: Keep-Alive>
2016-11-22 12:37:39,855 DEBUG [org.apache.http.headers] - <http-outgoing-1 >> User-Agent: Apache-HttpClient/4.5.2 (Java/1.7.0_80)>
2016-11-22 12:37:39,855 DEBUG [org.apache.http.headers] - <http-outgoing-1 >> Cookie: JSESSIONID=18E9A568B2DF2052B7AEEB231D89954F>
2016-11-22 12:37:39,855 DEBUG [org.apache.http.headers] - <http-outgoing-1 >> Accept-Encoding: gzip,deflate>
2016-11-22 12:37:39,855 DEBUG [org.apache.http.wire] - <http-outgoing-1 >> "POST /liferay/c/portal/login HTTP/1.1[\r][\n]">
2016-11-22 12:37:39,855 DEBUG [org.apache.http.wire] - <http-outgoing-1 >> "Content-Type: application/x-www-form-urlencoded[\r][\n]">
2016-11-22 12:37:39,855 DEBUG [org.apache.http.wire] - <http-outgoing-1 >> "Content-Length: 476[\r][\n]">
2016-11-22 12:37:39,855 DEBUG [org.apache.http.wire] - <http-outgoing-1 >> "Host: jrs2.ncu.com.ua[\r][\n]">
2016-11-22 12:37:39,855 DEBUG [org.apache.http.wire] - <http-outgoing-1 >> "Connection: Keep-Alive[\r][\n]">
2016-11-22 12:37:39,855 DEBUG [org.apache.http.wire] - <http-outgoing-1 >> "User-Agent: Apache-HttpClient/4.5.2 (Java/1.7.0_80)[\r][\n]">
2016-11-22 12:37:39,856 DEBUG [org.apache.http.wire] - <http-outgoing-1 >> "Cookie: JSESSIONID=18E9A568B2DF2052B7AEEB231D89954F[\r][\n]">
2016-11-22 12:37:39,856 DEBUG [org.apache.http.wire] - <http-outgoing-1 >> "Accept-Encoding: gzip,deflate[\r][\n]">
2016-11-22 12:37:39,856 DEBUG [org.apache.http.wire] - <http-outgoing-1 >> "[\r][\n]">
2016-11-22 12:37:39,856 DEBUG [org.apache.http.wire] - <http-outgoing-1 >> "logoutRequest=%3Csamlp%3ALogoutRequest+xmlns%3Asamlp%3D%22urn%3Aoasis%3Anames%3Atc%3ASAML%3A2.0%3Aprotocol%22+ID%3D%22LR-2-ogwHPG4UWA5
wVGTydbf2zbwRGEJJ7e3qlks%22+Version%3D%222.0%22+IssueInstant%3D%222016-11-22T12%3A37%3A39Z%22%3E%3Csaml%3ANameID+xmlns%3Asaml%3D%22urn%3Aoasis%3Anames%3Atc%3ASAML%3A2.0%3Aassertion%22%3E%40NOT_USED%40%3C%2Fsaml
%3ANameID%3E%3Csamlp%3ASessionIndex%3EST-2-NwN5gSzDnSw3SH2O6y6X-localhost%3C%2Fsamlp%3ASessionIndex%3E%3C%2Fsamlp%3ALogoutRequest%3E">
But user still login Liferay.
Thanks!
David H Nebinger, modificado hace 7 años.
RE: Liferay and Single Logout with CAS
Liferay Legend Mensajes: 14919 Fecha de incorporación: 2/09/06 Mensajes recientes
Try doing the logout from Liferay instead of from cas.
Sasha M, modificado hace 7 años.
RE: Liferay and Single Logout with CAS
New Member Mensajes: 3 Fecha de incorporación: 14/11/16 Mensajes recientes
From liferay logout works perfect,
but if I add to SSO for example jasper report or another application and logout from this app,
then liferay SLO not working.
Thanks.
but if I add to SSO for example jasper report or another application and logout from this app,
then liferay SLO not working.
Thanks.
Raphaël Truffaut, modificado hace 7 años.
RE: Liferay and Single Logout with CAS
New Member Mensaje: 1 Fecha de incorporación: 22/07/16 Mensajes recientes
I get the same issue with Liferay Community Edition Portal 7.0.2 GA3 and a CAS server (Jasig/Apereo 4.2.6).
The SLO is send by CAS server but Liferay doesn't seems to handle it.
All the CAS configuration has been made by Liferay GUI.
In log file "localhost_access_log" i can see :
IP_CAS_SERVR - - [24/Nov/2016:10:55:13 +0000] "POST /liferay/c/portal/login?redirect=%2Fliferay%2F&refererPlid=30689&p_l_id=30368 HTTP/1.1" 302 -
Like Sasha, SLO of others apps work!
Does someone manage to make it work ?
The SLO is send by CAS server but Liferay doesn't seems to handle it.
All the CAS configuration has been made by Liferay GUI.
In log file "localhost_access_log" i can see :
IP_CAS_SERVR - - [24/Nov/2016:10:55:13 +0000] "POST /liferay/c/portal/login?redirect=%2Fliferay%2F&refererPlid=30689&p_l_id=30368 HTTP/1.1" 302 -
Like Sasha, SLO of others apps work!
Does someone manage to make it work ?