Forums de discussion

  1. Accueil
  2. Development
  3. CAS Single Sign Out - multiple webapps

CAS Single Sign Out - multiple webapps

Matthew James Curtice, modifié il y a 15 années.

CAS Single Sign Out - multiple webapps

New Member Publications: 7 Date d'inscription: 21/12/07 Publications récentes
I am currently using CAS server 3.2.1.1 with Liferay 4.2 and other webapps, all of which implement single sign on. As Liferay is currently configured, I can click log-out and it logs out of Liferay and CAS, however I need it to work the other way as well. As it is, if the CAS session ends (through another webapp logging out, or a timeout), the user still remains logged into liferay with full access. Does anyone have any ideas for how this can be done? I tried using the single signout steps listed on the CAS website (http://www.ja-sig.org/wiki/display/CASC/Configuring+Single+Sign+Out), which included adding an extra filter and listener in Liferay's web.xml, but this just errors out:

17:25:31,933 ERROR [[/FederationPortal]:3604] Exception starting filter CAS Single Sign Out Filter
java.lang.ClassNotFoundException: org.jasig.cas.client.session.SingleSignOutFilter

Thanks.
thumbnail
Jason E Shao, modifié il y a 15 années.

RE: CAS Single Sign Out - multiple webapps

Junior Member Publications: 33 Date d'inscription: 29/08/08 Publications récentes
Matthew James Curtice:
I am currently using CAS server 3.2.1.1 with Liferay 4.2 and other webapps, all of which implement single sign on. As Liferay is currently configured, I can click log-out and it logs out of Liferay and CAS, however I need it to work the other way as well. As it is, if the CAS session ends (through another webapp logging out, or a timeout), the user still remains logged into liferay with full access. Does anyone have any ideas for how this can be done? I tried using the single signout steps listed on the CAS website (http://www.ja-sig.org/wiki/display/CASC/Configuring+Single+Sign+Out), which included adding an extra filter and listener in Liferay's web.xml, but this just errors out:

17:25:31,933 ERROR [[/FederationPortal]:3604] Exception starting filter CAS Single Sign Out Filter
java.lang.ClassNotFoundException: org.jasig.cas.client.session.SingleSignOutFilter

Thanks.


Matthew,

I think the issue is the SSO Filter is I believe dependent on the 3.x Java CAS Client, Liferay looks like it bundles a derivative of the 2.x code.

To look at SS-Out integration via the CAS 3.x native mechanism you'd have to look at binding to the newer libraries.

Jason
Matthew J Curtice, modifié il y a 15 années.

RE: CAS Single Sign Out - multiple webapps

New Member Publications: 7 Date d'inscription: 21/12/07 Publications récentes
I do not believe that the Java CAS client is even included in liferay. It comes bundled with the Yale CAS Client 2.0.11. Is it possible to do the single sign out with the Yale CAS client, or do I need to somehow get it to use the Java one as well?
Matthew J Curtice, modifié il y a 15 années.

RE: CAS Single Sign Out - multiple webapps

New Member Publications: 7 Date d'inscription: 21/12/07 Publications récentes
Through research I have found that you are correct in that single sign out wasn't implemented until the recent versions of the jave CAS. Is there anyone who has successfully configured Liferay to work with the newest CAS client? I have played around with it some, but the classes are completely different, and the old configurations won't work. I managed to get a little bit working using new filters I found for other products (not liferay) but they still don't seem to work:

<filter>
<filter-name>CAS Authentication Filter</filter-name>
<filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
<init-param>
<param-name>casServerLoginUrl</param-name>
<param-value>https://localhost:8443/cas/login</param-value>
</init-param>
<init-param>
<param-name>serverName</param-name>
<param-value>https://localhost:8443</param-value>
</init-param>
</filter>

<filter>
<filter-name>CAS Validation Filter</filter-name>
<filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
<init-param>
<param-name>casServerUrlPrefix</param-name>
<param-value>https://localhost:8443/cas</param-value>
</init-param>
<init-param>
<param-name>serverName</param-name>
<param-value>https://localhost:8443</param-value>
</init-param>
</filter>

<filter-mapping>
<filter-name>CAS Authentication Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>

<filter-mapping>
<filter-name>CAS Validation Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>

Any help would be greatly appreciated.
thumbnail
Jonas Yuan, modifié il y a 15 années.

RE: CAS Single Sign Out - multiple webapps

Liferay Master Publications: 993 Date d'inscription: 27/04/07 Publications récentes
Hi Matthew,

These real examples may help.

a single CAS SSO 3.2.1 against
Application I: Alfresco 3.1
Application II: Liferay integration 5.1.2
and others ....

at SSO, LDAP, Alfresco and Liferay

Good Luck!

Jonas Yuan
Liferay Book: Liferay Portal Enterprise Intranets