我在我的项目中使用CAS 4。我有两个申请。我成功登录到我的应用程序1,如果我从应用程序1重定向到应用程序2,则无论先前的会话是否存在,CAS都会被强制再次提供凭据。我没有注销或关闭浏览器,但它要求对每个应用程序进行身份验证。
我在CAS服务器4.0和客户端3.4.1版本以及我的每个应用程序的 web.xml 中配置了CAS客户端。
的web.xml
<filter>
<filter-name>CAS Single Sign Out Filter</filter-name>
<filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
<init-param>
<param-name>casServerUrlPrefix</param-name>
<param-value>http://localhost:8080/cas</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>CAS Single Sign Out Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<listener>
<listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener
</listener-class>
</listener>
<filter>
<filter-name>CAS Authentication Filter</filter-name>
<filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
<init-param>
<param-name>casServerLoginUrl</param-name>
<param-value>http://localhost:8080/cas/login</param-value>
</init-param>
<init-param>
<param-name>serverName</param-name>
<param-value>http://localhost:8080</param-value>
</init-param>
<init-param>
<param-name>gateway</param-name>
<param-value>false</param-value>
</init-param>
</filter>
<filter>
<filter-name>CAS Validation Filter</filter-name>
<filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
<init-param>
<param-name>casServerUrlPrefix</param-name>
<param-value>http://localhost:8080/cas</param-value>
</init-param>
<init-param>
<param-name>serverName</param-name>
<param-value>http://localhost:8080</param-value>
</init-param>
</filter>
<filter>
<filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
<filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
</filter>
<filter>
<filter-name>CAS Assertion Thread Local Filter</filter-name>
<filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>CAS Authentication Filter</filter-name>
<url-pattern>/login.do</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CAS Validation Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CAS Assertion Thread Local Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CAS Validation Filter</filter-name>
<url-pattern>/proxyCallback</url-pattern>
</filter-mapping>
<context-param>
<param-name>renew</param-name>
<param-value>false</param-value>
</context-param>
继续我的讨论,我调试CAS Server,其显示如下
[org.jasig.cas.CentralAuthenticationServiceImpl] - [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - [org.jasig.cas.CentralAuthenticationServiceImpl] -
[org.jasig.cas.logout.SamlCompliantLogoutMessageCreator] - @ NOT_USED @samlp:SessionIndexST-2-jp9ydEyiFuT9hlKw2SaK-org.in]&gt; [org.jasig.cas.logout.LogoutManagerImpl] - http://abc.in:8888/app1/login.do]> [org.jasig.cas.util.SimpleHttpClient] - http://abc.in:8888/app1/login.do>
[org.jasig.cas.logout.SamlCompliantLogoutMessageCreator] - @ NOT_USED @samlp:SessionIndexST-1-DLttZgFyzfWmdpXVmB4a-org.in]&gt; [org.jasig.cas.logout.LogoutManagerImpl] - http://abc.in:8888/app3/login.do]> [org.jasig.cas.util.SimpleHttpClient] - http://abc.in:8888/app3/login.do>
[org.jasig.cas.logout.SamlCompliantLogoutMessageCreator] - @ NOT_USED @samlp:SessionIndexST-3-1tiTu9pcVaNs55O7FX4m-org.in]&gt; [org.jasig.cas.logout.LogoutManagerImpl] - http://abc.in:8888/app2/login.do]&gt;
[org.jasig.cas.ticket.registry.DefaultTicketRegistry] - [org.jasig.cas.ticket.registry.DefaultTicketRegistry] -
[com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] -
世卫组织:审计:未知什么: TGT-1-BEacZ4CpvMRxgSY5lEb5xvnGQ9fLgPjKJcjXj3BMKHjbQXCGJM-org.in 行动:TICKET_GRANTING_TICKET_DESTROYED应用程序:CAS时间:星期二 Jun 20 16:29:46 IST 2017客户端IP地址:10.191.53.54服务器IP 地址:10.191.53.54
[org.jasig.cas.util.SimpleHttpClient] - http://abc.in:8888/app2/login.do>
[org.jasig.cas.web.support.CookieRetrievingCookieGenerator] - [org.jasig.cas.web.support.CookieRetrievingCookieGenerator] -
[org.jasig.cas.util.SimpleHttpClient] - http://abc.in:8888/app1/login.do> [org.jasig.cas.util.SimpleHttpClient] - http://abc.in:8888/app2/login.do> [org.jasig.cas.util.SimpleHttpClient] - http://abc.in:8888/app3/login.do>
这里的问题是,如果我退出app1,它会从app1和app3注销,但我无法从app2注销。还是会议还活着。我在所有三个应用程序中使用相同的CAS客户端配置。这里我在单独的选项卡中打开了所有三个应用程序究竟是什么问题。
我认为appl2存在问题,我的web.xml配置如上,并且所有应用程序都验证了服务票证。如何在客户端(app2)中跟踪确切问题。
答案 0 :(得分:0)
请检查ServiceProperties中的sendRenew参数。
https://docs.spring.io/spring-security/site/docs/current/reference/html/cas.html#cas-st
服务必须等于将由其监控的URL CasAuthenticationFilter。 sendRenew 默认为false,但应该是 如果您的应用程序特别敏感,则设置为true。什么 这个参数的作用是告诉CAS登录服务一个单一的标志 登录是不可接受的。相反,用户需要重新输入 他们的用户名和密码是为了获得对服务的访问权。