I have made the following changes to enable single sign-out:
1. Add org.jasig.cas.client.session.SingleSignOutFilter as the first filter in filter chain.
2. Include org.jasig.cas.client.session.SingleSignOutHttpSessionListener in web.xml
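But the client session is not invalidated. Do you know why?
Here is my server log, showing that the server is sending logout requests to both clients: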
181 DEBUG [org.jasig.cas.util.TGCCipherExecutor] - <Successfully decoded value. Result in Base64-encoding is [ZXlKaGJHY2lPaUprYVhJaUxDSmxibU1pT2lKQk1USTRRMEpETFVoVE1qVTJJbjAuLjkzeTVhNFJkc2N0WTlPdXhWOVlMWHcuaVZVSUlfdWpwMlo2UmJXZnFQR05BUXd2cW1lS3RuRlljbGNfZlFGclZSWGN1Y05qVXp2UC1LTW5OT3JfYUNTbzc1SWc5TDg4YS1lTlBsSlQ2MnUzUi1ILVplLW1iQTFFQ0I4RDY1am51WHR6R3h3RzA2b0tXS3FyQmxhNFh3amtkNEpqQzhneEFONlJ1Sk1aZEY3ZGg1cGVnSGo5ZklIdVVETjM5TC1WVk5VeTgzTXpORFlqYzJJMjZUMTJ5dGIwVTlpbXFTQ056dTVybFZDaW9XNnBqWC14VU1mQ01RSTd4MTVCOEhrWmxFZ2xUX2gzTnpnSjgtX3ZtczUweFBFZmJ2UjF1eHNCX0FTRWdMd2gwSTFCZlEub2JzcGFOVk1CcWNxWk1CZWtCeGJIQQ==]>
181 DEBUG [org.jasig.cas.util.TGCCipherExecutor] - <Decrypting value...>
182 DEBUG [org.jasig.cas.web.support.DefaultCasCookieValueManager] - <Decoded cookie value is [TGT-**********************************************xO0zbG1hVN-cas01.example.org@0:0:0:0:0:0:0:1@Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36]>
183 DEBUG [org.jasig.cas.CentralAuthenticationServiceImpl] - <Removing ticket [TGT-**********************************************xO0zbG1hVN-cas01.example.org] from registry...>
183 DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Attempting to retrieve ticket [TGT-**********************************************xO0zbG1hVN-cas01.example.org]>
183 DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Ticket [TGT-**********************************************xO0zbG1hVN-cas01.example.org] found in registry.>
184 DEBUG [org.jasig.cas.CentralAuthenticationServiceImpl] - <Ticket found. Processing logout requests and then deleting the ticket...>
185 DEBUG [org.jasig.cas.logout.SamlCompliantLogoutMessageCreator] - <Generated logout message: [<samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="LR-5-XbgucCuIidiGsh1TjFeEcwsWKSUqIWk7oCw" Version="2.0" IssueInstant="2016-08-11T13:00:17Z"><saml:NameID xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">@NOT_USED@</saml:NameID><samlp:SessionIndex>ST-6-JkoiXK3anY5RQKZwgJYB-cas01.example.org</samlp:SessionIndex></samlp:LogoutRequest>]>
185 DEBUG [org.jasig.cas.logout.LogoutManagerImpl] - <Sending logout request for: [https://localhost:8443/test/newviews/home.xhtml]>
187 DEBUG [org.jasig.cas.logout.LogoutManagerImpl] - <Prepared logout message to send is [org.jasig.cas.logout.LogoutManagerImpl$LogoutHttpMessage@6dfc3c30[url=https://localhost:8443/test/newviews/home.xhtml,message=<samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="LR-5-XbgucCuIidiGsh1TjFeEcwsWKSUqIWk7oCw" Version="2.0" IssueInstant="2016-08-11T13:00:17Z"><saml:NameID xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">@NOT_USED@</saml:NameID><samlp:SessionIndex>ST-6-JkoiXK3anY5RQKZwgJYB-cas01.example.org</samlp:SessionIndex></samlp:LogoutRequest>,asynchronous=true,contentType=application/x-www-form-urlencoded]]>
188 DEBUG [org.jasig.cas.logout.LogoutManagerImpl] - <Captured logout request [org.jasig.cas.logout.DefaultLogoutRequest@30c9f96b[ticketId=ST-6-JkoiXK3anY5RQKZwgJYB-cas01.example.org,service=https://localhost:8443/test/newviews/home.xhtml,status=SUCCESS]]>
189 DEBUG [org.jasig.cas.authentication.FileTrustStoreSslSocketFactory] - <Connecting socket to localhost/127.0.0.1:8443 with timeout 5000>
191 DEBUG [org.jasig.cas.logout.SamlCompliantLogoutMessageCreator] - <Generated logout message: [<samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="LR-6-DgpO6cQ1ySIrFlAKjmLctLfSdVgkqUoQOI9" Version="2.0" IssueInstant="2016-08-11T13:00:17Z"><saml:NameID xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">@NOT_USED@</saml:NameID><samlp:SessionIndex>ST-7-RhZCrItuoTVLcaJv2rdC-cas01.example.org</samlp:SessionIndex></samlp:LogoutRequest>]>
191 DEBUG [org.jasig.cas.authentication.FileTrustStoreSslSocketFactory] - <Enabled protocols: [TLSv1, TLSv1.1, TLSv1.2]>
191 DEBUG [org.jasig.cas.authentication.FileTrustStoreSslSocketFactory] - <Enabled cipher suites:[TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]>
191 DEBUG [org.jasig.cas.authentication.FileTrustStoreSslSocketFactory] - <Starting handshake>
191 DEBUG [org.jasig.cas.logout.LogoutManagerImpl] - <Sending logout request for: [https://localhost:7443/cas-sample/secure/index.jsp]>
191 DEBUG [org.jasig.cas.logout.LogoutManagerImpl] - <Prepared logout message to send is [org.jasig.cas.logout.LogoutManagerImpl$LogoutHttpMessage@68a12efb[url=https://localhost:7443/cas-sample/secure/index.jsp,message=<samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="LR-6-DgpO6cQ1ySIrFlAKjmLctLfSdVgkqUoQOI9" Version="2.0" IssueInstant="2016-08-11T13:00:17Z"><saml:NameID xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">@NOT_USED@</saml:NameID><samlp:SessionIndex>ST-7-RhZCrItuoTVLcaJv2rdC-cas01.example.org</samlp:SessionIndex></samlp:LogoutRequest>,asynchronous=true,contentType=application/x-www-form-urlencoded]]>
193 DEBUG [org.jasig.cas.logout.LogoutManagerImpl] - <Captured logout request [org.jasig.cas.logout.DefaultLogoutRequest@7a9049cf[ticketId=ST-7-RhZCrItuoTVLcaJv2rdC-cas01.example.org,service=https://localhost:7443/cas-sample/secure/index.jsp,status=SUCCESS]]>
194 DEBUG [org.jasig.cas.authentication.FileTrustStoreSslSocketFactory] - <Connecting socket to localhost/127.0.0.1:7443 with timeout 5000>
194 DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Attempting to retrieve ticket [TGT-**********************************************xO0zbG1hVN-cas01.example.org]>
194 DEBUG [org.jasig.cas.authentication.FileTrustStoreSslSocketFactory] - <Secure session established>
194 DEBUG [org.jasig.cas.authentication.FileTrustStoreSslSocketFactory] - < negotiated protocol: TLSv1.2>
194 DEBUG [org.jasig.cas.authentication.FileTrustStoreSslSocketFactory] - < negotiated cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256>
194 DEBUG [org.jasig.cas.authentication.FileTrustStoreSslSocketFactory] - < peer principal: CN=localhost, OU=IT, O=xxxx, L=xxxx, ST=xxxx, C=xxxx>
194 DEBUG [org.jasig.cas.authentication.FileTrustStoreSslSocketFactory] - < issuer principal: CN=localhost, OU=IT, O=xxxx, L=xxxx, ST=xxxx, C=xxxx>
194 DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Ticket [TGT-**********************************************xO0zbG1hVN-cas01.example.org] found in registry.>
195 DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Removing children of ticket [TGT-**********************************************xO0zbG1hVN-cas01.example.org] from the registry.>
195 DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Removing ticket [TGT-**********************************************xO0zbG1hVN-cas01.example.org] from the registry.>
196 DEBUG [org.jasig.cas.CentralAuthenticationServiceImpl] - <Publishing org.jasig.cas.support.events.CasTicketGrantingTicketDestroyedEvent@1a5ff277[ticketGrantingTicket=TGT-**********************************************xO0zbG1hVN-cas01.example.org]>
197 DEBUG [org.jasig.cas.authentication.FileTrustStoreSslSocketFactory] - <Enabled protocols: [TLSv1, TLSv1.1, TLSv1.2]>
197 DEBUG [org.jasig.cas.audit.spi.AssertionAsReturnValuePrincipalResolver] - <Trying to see if target's return value is instance of [Assertion]...>
197 DEBUG [org.jasig.cas.authentication.FileTrustStoreSslSocketFactory] - <Enabled cipher suites:[TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]>
197 DEBUG [org.jasig.cas.authentication.FileTrustStoreSslSocketFactory] - <Starting handshake>
197 DEBUG [org.jasig.cas.audit.spi.AssertionAsReturnValuePrincipalResolver] - <Resolving principal from the delegate principal resolver: [org.jasig.cas.audit.spi.TicketOrCredentialPrincipalResolver@247e35d8]...>
198 DEBUG [org.jasig.cas.audit.spi.TicketOrCredentialPrincipalResolver] - <Resolving argument [String] for audit>
198 DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Attempting to retrieve ticket [TGT-**********************************************xO0zbG1hVN-cas01.example.org]>
199 DEBUG [org.jasig.cas.CentralAuthenticationServiceImpl] - <Ticket [TGT-**********************************************xO0zbG1hVN-cas01.example.org] by type [Ticket] cannot be found in the ticket registry.>
202 DEBUG [org.jasig.cas.audit.spi.TicketOrCredentialPrincipalResolver] - <Could not locate ticket [TGT-**********************************************xO0zbG1hVN-cas01.example.org] in the registry>
202 DEBUG [org.jasig.cas.audit.spi.AssertionAsReturnValuePrincipalResolver] - <Meaningful principal id could not be resolved by [org.jasig.cas.audit.spi.AssertionAsReturnValuePrincipalResolver@6e9c9d27]. Returning [audit:unknown]...>
203 INFO [org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
INFO | jvm 1 | 2016/08/11 13:00:17 | =============================================================
INFO | jvm 1 | 2016/08/11 13:00:17 | WHO: audit:unknown
INFO | jvm 1 | 2016/08/11 13:00:17 | WHAT: TGT-**********************************************xO0zbG1hVN-cas01.example.org
INFO | jvm 1 | 2016/08/11 13:00:17 | ACTION: TICKET_GRANTING_TICKET_DESTROYED
INFO | jvm 1 | 2016/08/11 13:00:17 | APPLICATION: CAS
INFO | jvm 1 | 2016/08/11 13:00:17 | WHEN: Thu Aug 11 13:00:17 EDT 2016
INFO | jvm 1 | 2016/08/11 13:00:17 | CLIENT IP ADDRESS: 0:0:0:0:0:0:0:1
INFO | jvm 1 | 2016/08/11 13:00:17 | SERVER IP ADDRESS: 0:0:0:0:0:0:0:1
INFO | jvm 1 | 2016/08/11 13:00:17 | =============================================================
INFO | jvm 1 | 2016/08/11 13:00:17 |
INFO | jvm 1 | 2016/08/11 13:00:17 | >
203 DEBUG [org.jasig.cas.web.support.TGCCookieRetrievingCookieGenerator] - <Removed cookie with name [TGC]>
203 DEBUG [org.jasig.cas.web.WarningCookieRetrievingCookieGenerator] - <Removed cookie with name [CASPRIVACY]>
206 DEBUG [org.jasig.cas.services.web.RegisteredServiceThemeBasedViewResolver] - <View resolved: /WEB-INF/view/jsp/default/ui/casLogoutView.jsp>
210 DEBUG [org.jasig.cas.authentication.FileTrustStoreSslSocketFactory] - <Secure session established>
210 DEBUG [org.jasig.cas.authentication.FileTrustStoreSslSocketFactory] - < negotiated protocol: TLSv1.2>
210 DEBUG [org.jasig.cas.authentication.FileTrustStoreSslSocketFactory] - < negotiated cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256>
210 DEBUG [org.jasig.cas.authentication.FileTrustStoreSslSocketFactory] - < peer principal: CN=localhost, OU=IT, O=xxxx, L=xxxx, ST=xxxx, C=xxxx>
210 DEBUG [org.jasig.cas.authentication.FileTrustStoreSslSocketFactory] - < issuer principal: CN=localhost, OU=IT, O=xxxx, L=xxxx, ST=xxxx, C=xxxx>
During further analysis, I changed the SLO callbacks to synchronous.
slo.callbacks.asynchronous=false
Now I get WARN [org.jasig.cas.logout.LogoutManagerImpl] - <Logout message not sent to [https://localhost:8443/test/newviews/home.xhtml]; Continuing processing...>
This means the logout message was not sent to the client. I also noticed there are no org.jasig.cas.util.SimpleHttpClient entries in my log. I think this is a problem. Any suggestions to fix this?
Answer 0 (score: 0)
Please try enabling logging at the "trace" level. This should give you more detail about what is happening behind the scenes.
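
For reference, an added example (not part of the question or the answer, and not the CAS client's own code) of what the receiving application has to do with the back-channel POST seen in the log: read the form body, extract `SessionIndex`, and invalidate the session recorded for that service ticket. It assumes the form parameter is named `logoutRequest` (the Java client's default); `SessionRegistry`, `build_logout_body` and the ticket and session values are hypothetical.

```python
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlencode

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"


class SessionRegistry:
    """Hypothetical stand-in for the client's service-ticket -> session map."""

    def __init__(self):
        self._by_ticket = {}

    def record(self, service_ticket, session_id):
        # Done when the application validates the ticket at login.
        self._by_ticket[service_ticket] = session_id

    def handle_logout_post(self, body):
        """Return the session id that was invalidated, or None if none matched."""
        xml_text = parse_qs(body).get("logoutRequest", [None])[0]
        if xml_text is None or "<!DOCTYPE" in xml_text:
            return None  # not a logout callback, or a DTD we refuse to parse
        try:
            root = ET.fromstring(xml_text)
        except ET.ParseError:
            return None
        if root.tag != "{%s}LogoutRequest" % SAMLP:
            return None
        ticket = (root.findtext("{%s}SessionIndex" % SAMLP) or "").strip()
        # pop() so a replayed callback cannot match a second time
        return self._by_ticket.pop(ticket, None)


def build_logout_body(service_ticket):
    """Constructed sample body in the shape of the logged LogoutRequest."""
    xml_text = (
        '<samlp:LogoutRequest xmlns:samlp="%s" ID="LR-constructed" Version="2.0">'
        '<saml:NameID xmlns:saml="%s">@NOT_USED@</saml:NameID>'
        "<samlp:SessionIndex>%s</samlp:SessionIndex></samlp:LogoutRequest>"
    ) % (SAMLP, SAML, service_ticket)
    return urlencode({"logoutRequest": xml_text})


if __name__ == "__main__":
    registry = SessionRegistry()
    registry.record("ST-1-constructed-cas01.example.org", "session-A")
    print(registry.handle_logout_post(
        build_logout_body("ST-1-constructed-cas01.example.org")))
```

A session is only found if the ticket was recorded by the same registry that receives the callback, and only if the POST reaches this handler before anything else consumes or redirects it.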