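I am trying to use SLO in CASified applications (cas client core 3.4.1).
I created 3 instances of cas-sample-java-webapp from cas-sample-java-webapp-master.
After logging in to all 3 applications,
I log out of client1 > this logs out client1 and CAS.
But client2 and client3 remain logged in.
Not sure what I am missing.
In the client web.xml: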
<filter>
    <filter-name>CAS Single Sign Out Filter</filter-name>
    <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
    <init-param>
        <param-name>casServerUrlPrefix</param-name>
        <param-value>https://localhost:8443/cas</param-value>
    </init-param>
</filter>
<listener>
    <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
</listener>
Below are the logs related to client2 and client3 while logging out of client1:
11:50:43,098 DEBUG [org.apache.http.conn.ssl.SSLConnectionSocketFactory] (pool-13-thread-3) Secure session established
11:50:43,098 DEBUG [org.apache.http.conn.ssl.SSLConnectionSocketFactory] (pool-13-thread-3) negotiated protocol: TLSv1.2
11:50:43,098 DEBUG [org.apache.http.conn.ssl.SSLConnectionSocketFactory] (pool-13-thread-3) negotiated cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
11:50:43,098 DEBUG [org.apache.http.conn.ssl.SSLConnectionSocketFactory] (pool-13-thread-3) peer principal: CN=localhost
11:50:43,098 DEBUG [org.apache.http.conn.ssl.SSLConnectionSocketFactory] (pool-13-thread-3) issuer principal: CN=localhost
11:50:43,101 DEBUG [org.apache.http.impl.conn.DefaultHttpClientConnectionOperator] (pool-13-thread-3) Connection established <my_ip>:55307<-><my_ip>:8443
11:50:43,101 DEBUG [org.apache.http.impl.execchain.MainClientExec] (pool-13-thread-3) Executing request POST /client2 HTTP/1.1
11:50:43,101 DEBUG [org.apache.http.impl.execchain.MainClientExec] (pool-13-thread-3) Target auth state: UNCHALLENGED
11:50:43,101 DEBUG [org.apache.http.impl.execchain.MainClientExec] (pool-13-thread-3) Proxy auth state: UNCHALLENGED
11:50:43,101 DEBUG [org.apache.http.headers] (pool-13-thread-3) http-outgoing-0 >> POST /client2 HTTP/1.1
11:50:43,101 DEBUG [org.apache.http.headers] (pool-13-thread-3) http-outgoing-0 >> Content-Type: application/x-www-form-urlencoded
11:50:43,101 DEBUG [org.apache.http.headers] (pool-13-thread-3) http-outgoing-0 >> Content-Length: 484
11:50:43,101 DEBUG [org.apache.http.headers] (pool-13-thread-3) http-outgoing-0 >> Host: localhost:8443
11:50:43,101 DEBUG [org.apache.http.headers] (pool-13-thread-3) http-outgoing-0 >> Connection: Keep-Alive
11:50:43,101 DEBUG [org.apache.http.headers] (pool-13-thread-3) http-outgoing-0 >> User-Agent: Apache-HttpClient/4.4.1 (Java/1.8.0_92)
11:50:43,101 DEBUG [org.apache.http.headers] (pool-13-thread-3) http-outgoing-0 >> Accept-Encoding: gzip,deflate
11:50:43,101 DEBUG [org.apache.http.wire] (pool-13-thread-3) http-outgoing-0 >> "POST /client2 HTTP/1.1[\r][\n]"
11:50:43,101 DEBUG [org.apache.http.wire] (pool-13-thread-3) http-outgoing-0 >> "Content-Type: application/x-www-form-urlencoded[\r][\n]"
11:50:43,101 DEBUG [org.apache.http.wire] (pool-13-thread-3) http-outgoing-0 >> "Content-Length: 484[\r][\n]"
11:50:43,101 DEBUG [org.apache.http.wire] (pool-13-thread-3) http-outgoing-0 >> "Host: localhost:8443[\r][\n]"
11:50:43,101 DEBUG [org.apache.http.wire] (pool-13-thread-3) http-outgoing-0 >> "Connection: Keep-Alive[\r][\n]"
11:50:43,101 DEBUG [org.apache.http.wire] (pool-13-thread-3) http-outgoing-0 >> "User-Agent: Apache-HttpClient/4.4.1 (Java/1.8.0_92)[\r][\n]"
11:50:43,101 DEBUG [org.apache.http.wire] (pool-13-thread-3) http-outgoing-0 >> "Accept-Encoding: gzip,deflate[\r][\n]"
11:50:43,101 DEBUG [org.apache.http.wire] (pool-13-thread-3) http-outgoing-0 >> "[\r][\n]"
11:50:43,101 DEBUG [org.apache.http.wire] (pool-13-thread-3) http-outgoing-0 >> "logoutRequest=%3Csamlp%3ALogoutRequest+xmlns%3Asamlp%3D%22urn%3Aoasis%3Anames%3Atc%3ASAML%3A2.0%3Aprotocol%22+ID%3D%22LR-3-QEo4g9q44zCinXYJGKuJ7v6WNzwo6WC4csW%22+Version%3D%222.0%22+IssueInstant%3D%222018-05-20T11%3A50%3A42Z%22%3E%3Csaml%3ANameID+xmlns%3Asaml%3D%22urn%3Aoasis%3Anames%3Atc%3ASAML%3A2.0%3Aassertion%22%3E%40NOT_USED%40%3C%2Fsaml%3ANameID%3E%3Csamlp%3ASessionIndex%3EST-2-UdNRzkc6qZLihn3Uc6Az-cas01.example.org%3C%2Fsamlp%3ASessionIndex%3E%3C%2Fsamlp%3ALogoutRequest%3E"
11:50:43,106 DEBUG [org.apache.http.wire] (pool-13-thread-3) http-outgoing-0 << "HTTP/1.1 307 Temporary Redirect[\r][\n]"
11:50:43,106 DEBUG [org.apache.http.wire] (pool-13-thread-3) http-outgoing-0 << "Connection: keep-alive[\r][\n]"
11:50:43,106 DEBUG [org.apache.http.wire] (pool-13-thread-3) http-outgoing-0 << "X-Powered-By: MY-APP-SERVER[\r][\n]"
11:50:43,106 DEBUG [org.apache.http.wire] (pool-13-thread-3) http-outgoing-0 << "Server: MY-APP-SERVER[\r][\n]"
11:50:43,106 DEBUG [org.apache.http.wire] (pool-13-thread-3) http-outgoing-0 << "Location: https://localhost:8443/client2/[\r][\n]"
11:50:43,106 DEBUG [org.apache.http.wire] (pool-13-thread-3) http-outgoing-0 << "Content-Length: 0[\r][\n]"
11:50:43,106 DEBUG [org.apache.http.wire] (pool-13-thread-3) http-outgoing-0 << "Date: Sun, 20 May 2018 06:20:43 GMT[\r][\n]"
11:50:43,108 DEBUG [org.apache.http.wire] (pool-13-thread-3) http-outgoing-0 << "[\r][\n]"
11:50:43,108 DEBUG [org.apache.http.headers] (pool-13-thread-3) http-outgoing-0 << HTTP/1.1 307 Temporary Redirect
11:50:43,108 DEBUG [org.apache.http.headers] (pool-13-thread-3) http-outgoing-0 << Connection: keep-alive
11:50:43,108 DEBUG [org.apache.http.headers] (pool-13-thread-3) http-outgoing-0 << X-Powered-By: MY-APP-SERVER
11:50:43,108 DEBUG [org.apache.http.headers] (pool-13-thread-3) http-outgoing-0 << Server: MY-APP-SERVER
11:50:43,108 DEBUG [org.apache.http.headers] (pool-13-thread-3) http-outgoing-0 << Location: https://localhost:8443/client2/
11:50:43,108 DEBUG [org.apache.http.headers] (pool-13-thread-3) http-outgoing-0 << Content-Length: 0
11:50:43,108 DEBUG [org.apache.http.headers] (pool-13-thread-3) http-outgoing-0 << Date: Sun, 20 May 2018 06:20:43 GMT
11:50:43,108 DEBUG [org.apache.http.impl.execchain.MainClientExec] (pool-13-thread-3) Connection can be kept alive indefinitely
11:50:43,108 DEBUG [org.apache.http.impl.conn.PoolingHttpClientConnectionManager] (pool-13-thread-3) Connection [id: 0][route: {s}->https://localhost:8443] can be kept alive indefinitely
11:50:43,108 DEBUG [org.apache.http.impl.conn.PoolingHttpClientConnectionManager] (pool-13-thread-3) Connection released: [id: 0][route: {s}->https://localhost:8443][total kept alive: 2; route allocated: 3 of 50; total allocated: 3 of 100]
11:50:43,113 DEBUG [org.apache.http.conn.ssl.SSLConnectionSocketFactory] (pool-13-thread-1) Secure session established
11:50:43,113 DEBUG [org.apache.http.conn.ssl.SSLConnectionSocketFactory] (pool-13-thread-1) negotiated protocol: TLSv1.2
11:50:43,113 DEBUG [org.apache.http.conn.ssl.SSLConnectionSocketFactory] (pool-13-thread-1) negotiated cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
11:50:43,113 DEBUG [org.apache.http.conn.ssl.SSLConnectionSocketFactory] (pool-13-thread-1) peer principal: CN=localhost
11:50:43,113 DEBUG [org.apache.http.conn.ssl.SSLConnectionSocketFactory] (pool-13-thread-1) issuer principal: CN=localhost
11:50:43,113 DEBUG [org.apache.http.impl.conn.DefaultHttpClientConnectionOperator] (pool-13-thread-1) Connection established <my_ip>:55308<-><my_ip>:8443
11:50:43,113 DEBUG [org.apache.http.impl.execchain.MainClientExec] (pool-13-thread-1) Executing request POST /client3 HTTP/1.1
11:50:43,113 DEBUG [org.apache.http.impl.execchain.MainClientExec] (pool-13-thread-1) Target auth state: UNCHALLENGED
11:50:43,113 DEBUG [org.apache.http.impl.execchain.MainClientExec] (pool-13-thread-1) Proxy auth state: UNCHALLENGED
11:50:43,113 DEBUG [org.apache.http.headers] (pool-13-thread-1) http-outgoing-2 >> POST /client3 HTTP/1.1
11:50:43,116 DEBUG [org.apache.http.headers] (pool-13-thread-1) http-outgoing-2 >> Content-Type: application/x-www-form-urlencoded
11:50:43,116 DEBUG [org.apache.http.headers] (pool-13-thread-1) http-outgoing-2 >> Content-Length: 484
11:50:43,116 DEBUG [org.apache.http.headers] (pool-13-thread-1) http-outgoing-2 >> Host: localhost:8443
11:50:43,116 DEBUG [org.apache.http.headers] (pool-13-thread-1) http-outgoing-2 >> Connection: Keep-Alive
11:50:43,116 DEBUG [org.apache.http.headers] (pool-13-thread-1) http-outgoing-2 >> User-Agent: Apache-HttpClient/4.4.1 (Java/1.8.0_92)
11:50:43,116 DEBUG [org.apache.http.headers] (pool-13-thread-1) http-outgoing-2 >> Accept-Encoding: gzip,deflate
11:50:43,116 DEBUG [org.apache.http.wire] (pool-13-thread-1) http-outgoing-2 >> "POST /client3 HTTP/1.1[\r][\n]"
11:50:43,116 DEBUG [org.apache.http.wire] (pool-13-thread-1) http-outgoing-2 >> "Content-Type: application/x-www-form-urlencoded[\r][\n]"
11:50:43,116 DEBUG [org.apache.http.wire] (pool-13-thread-1) http-outgoing-2 >> "Content-Length: 484[\r][\n]"
11:50:43,116 DEBUG [org.apache.http.wire] (pool-13-thread-1) http-outgoing-2 >> "Host: localhost:8443[\r][\n]"
11:50:43,116 DEBUG [org.apache.http.wire] (pool-13-thread-1) http-outgoing-2 >> "Connection: Keep-Alive[\r][\n]"
11:50:43,116 DEBUG [org.apache.http.wire] (pool-13-thread-1) http-outgoing-2 >> "User-Agent: Apache-HttpClient/4.4.1 (Java/1.8.0_92)[\r][\n]"
11:50:43,116 DEBUG [org.apache.http.wire] (pool-13-thread-1) http-outgoing-2 >> "Accept-Encoding: gzip,deflate[\r][\n]"
11:50:43,116 DEBUG [org.apache.http.wire] (pool-13-thread-1) http-outgoing-2 >> "[\r][\n]"
11:50:43,116 DEBUG [org.apache.http.wire] (pool-13-thread-1) http-outgoing-2 >> "logoutRequest=%3Csamlp%3ALogoutRequest+xmlns%3Asamlp%3D%22urn%3Aoasis%3Anames%3Atc%3ASAML%3A2.0%3Aprotocol%22+ID%3D%22LR-1-audt9vCEwA6SOHXNgA4BfdHgWySeTs62Edi%22+Version%3D%222.0%22+IssueInstant%3D%222018-05-20T11%3A50%3A42Z%22%3E%3Csaml%3ANameID+xmlns%3Asaml%3D%22urn%3Aoasis%3Anames%3Atc%3ASAML%3A2.0%3Aassertion%22%3E%40NOT_USED%40%3C%2Fsaml%3ANameID%3E%3Csamlp%3ASessionIndex%3EST-3-gxiaEaiKCh353tFc6iK1-cas01.example.org%3C%2Fsamlp%3ASessionIndex%3E%3C%2Fsamlp%3ALogoutRequest%3E"
11:50:43,118 DEBUG [org.apache.http.wire] (pool-13-thread-1) http-outgoing-2 << "HTTP/1.1 307 Temporary Redirect[\r][\n]"
11:50:43,118 DEBUG [org.apache.http.wire] (pool-13-thread-1) http-outgoing-2 << "Connection: keep-alive[\r][\n]"
11:50:43,118 DEBUG [org.apache.http.wire] (pool-13-thread-1) http-outgoing-2 << "X-Powered-By: MY-APP-SERVER[\r][\n]"
11:50:43,118 DEBUG [org.apache.http.wire] (pool-13-thread-1) http-outgoing-2 << "Server: MY-APP-SERVER[\r][\n]"
11:50:43,118 DEBUG [org.apache.http.wire] (pool-13-thread-1) http-outgoing-2 << "Location: https://localhost:8443/client3/[\r][\n]"
11:50:43,118 DEBUG [org.apache.http.wire] (pool-13-thread-1) http-outgoing-2 << "Content-Length: 0[\r][\n]"
11:50:43,118 DEBUG [org.apache.http.wire] (pool-13-thread-1) http-outgoing-2 << "Date: Sun, 20 May 2018 06:20:43 GMT[\r][\n]"
11:50:43,118 DEBUG [org.apache.http.wire] (pool-13-thread-1) http-outgoing-2 << "[\r][\n]"
11:50:43,118 DEBUG [org.apache.http.headers] (pool-13-thread-1) http-outgoing-2 << HTTP/1.1 307 Temporary Redirect
11:50:43,118 DEBUG [org.apache.http.headers] (pool-13-thread-1) http-outgoing-2 << Connection: keep-alive
11:50:43,118 DEBUG [org.apache.http.headers] (pool-13-thread-1) http-outgoing-2 << X-Powered-By: MY-APP-SERVER
11:50:43,118 DEBUG [org.apache.http.headers] (pool-13-thread-1) http-outgoing-2 << Server: MY-APP-SERVER
11:50:43,118 DEBUG [org.apache.http.headers] (pool-13-thread-1) http-outgoing-2 << Location: https://localhost:8443/client3/
11:50:43,118 DEBUG [org.apache.http.headers] (pool-13-thread-1) http-outgoing-2 << Content-Length: 0
11:50:43,118 DEBUG [org.apache.http.headers] (pool-13-thread-1) http-outgoing-2 << Date: Sun, 20 May 2018 06:20:43 GMT
11:50:43,118 DEBUG [org.apache.http.impl.execchain.MainClientExec] (pool-13-thread-1) Connection can be kept alive indefinitely
11:50:43,118 DEBUG [org.apache.http.impl.conn.PoolingHttpClientConnectionManager] (pool-13-thread-1) Connection [id: 2][route: {s}->https://localhost:8443] can be kept alive indefinitely
11:50:43,118 DEBUG [org.apache.http.impl.conn.PoolingHttpClientConnectionManager] (pool-13-thread-1) Connection released: [id: 2][route: {s}->https://localhost:8443][total kept alive: 3; route allocated: 3 of 50; total allocated: 3 of 100]
11:50:43,133 DEBUG [io.undertow.request.io] (default I/O-8) UT005013: An IOException occurred: java.io.IOException: javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack?
    at io.undertow.protocols.ssl.SslConduit.notifyReadClosed(SslConduit.java:612)
    at io.undertow.protocols.ssl.SslConduit.doUnwrap(SslConduit.java:708)
    at io.undertow.protocols.ssl.SslConduit.read(SslConduit.java:565)
    at org.xnio.conduits.ConduitStreamSourceChannel.read(ConduitStreamSourceChannel.java:127)
    at io.undertow.server.protocol.http.HttpReadListener.handleEventWithNoRunningRequest(HttpReadListener.java:153)
    at io.undertow.server.protocol.http.HttpReadListener.handleEvent(HttpReadListener.java:131)
    at io.undertow.server.protocol.http.HttpReadListener.handleEvent(HttpReadListener.java:57)
    at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92)
    at org.xnio.conduits.ReadReadyHandler$ChannelListenerHandler.readReady(ReadReadyHandler.java:66)
    at io.undertow.protocols.ssl.SslConduit$SslReadReadyHandler.readReady(SslConduit.java:1122)
    at org.xnio.nio.NioSocketConduit.handleReady(NioSocketConduit.java:89)
    at org.xnio.nio.WorkerThread.run(WorkerThread.java:567)
Caused by: javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack?
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:208) [jsse.jar:1.8.0_92]
    at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1666) [jsse.jar:1.8.0_92]
    at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1634) [jsse.jar:1.8.0_92]
    at sun.security.ssl.SSLEngineImpl.closeInbound(SSLEngineImpl.java:1561) [jsse.jar:1.8.0_92]
    at io.undertow.protocols.ssl.SslConduit.notifyReadClosed(SslConduit.java:610)
    ... 11 more
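Two logoutRequests are generated in the logs, but I don't think the requests reach the clients' sign-out filter.
Also, the keystore configuration has already been done, so I don't know why the SSLException is thrown.
Any help is appreciated.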
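Answer 0 (score: 0)
I finally got it working! It was indeed an application misconfiguration: I had missed a '/' (slash) at the end of the URL for client2 in web.xml. I am not sure whether this is the expected behavior; maybe the URL pattern for the single sign out filter directs it that way.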
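
The symptom in the question's log (a back-channel `logoutRequest` POST to `/client2` answered with `307` and a `Location` ending in `/`) can be checked for mechanically. The Python below is an added example, not code from the original post or the CAS project: it scans HttpClient wire-log lines in the format shown above and reports logout POSTs that were answered with a redirect, together with the service ticket from `SessionIndex`. The sample log lines and ticket values are constructed.

```python
import re
from urllib.parse import parse_qs

# Constructed sample in the HttpClient wire-log format from the question (shortened).
SAMPLE_LOG = r'''
11:50:43,101 DEBUG [org.apache.http.wire] (pool-13-thread-3) http-outgoing-0 >> "POST /client2 HTTP/1.1[\r][\n]"
11:50:43,101 DEBUG [org.apache.http.wire] (pool-13-thread-3) http-outgoing-0 >> "logoutRequest=%3Csamlp%3ALogoutRequest+ID%3D%22LR-constructed-1%22+Version%3D%222.0%22%3E%3Csamlp%3ASessionIndex%3EST-constructed-1%3C%2Fsamlp%3ASessionIndex%3E%3C%2Fsamlp%3ALogoutRequest%3E"
11:50:43,106 DEBUG [org.apache.http.wire] (pool-13-thread-3) http-outgoing-0 << "HTTP/1.1 307 Temporary Redirect[\r][\n]"
11:50:43,106 DEBUG [org.apache.http.wire] (pool-13-thread-3) http-outgoing-0 << "Location: https://localhost:8443/client2/[\r][\n]"
11:50:44,000 DEBUG [org.apache.http.wire] (pool-13-thread-1) http-outgoing-1 >> "POST /client1/ HTTP/1.1[\r][\n]"
11:50:44,000 DEBUG [org.apache.http.wire] (pool-13-thread-1) http-outgoing-1 >> "logoutRequest=%3Csamlp%3ALogoutRequest+ID%3D%22LR-constructed-2%22+Version%3D%222.0%22%3E%3Csamlp%3ASessionIndex%3EST-constructed-2%3C%2Fsamlp%3ASessionIndex%3E%3C%2Fsamlp%3ALogoutRequest%3E"
11:50:44,004 DEBUG [org.apache.http.wire] (pool-13-thread-1) http-outgoing-1 << "HTTP/1.1 200 OK[\r][\n]"
'''

# Connection id, direction (>> sent, << received) and the quoted wire payload.
WIRE = re.compile(r'\[org\.apache\.http\.wire\].*?(http-outgoing-\d+) (>>|<<) "(.*)"\s*$')
SESSION_INDEX = re.compile(r"<(?:\w+:)?SessionIndex>([^<]+)</")

def session_index(form_body):
    """URL-decode the form body and return the ticket in SessionIndex (or None).
    A regex is used so log content is never handed to an XML parser."""
    xml = parse_qs(form_body).get("logoutRequest", [""])[0]
    m = SESSION_INDEX.search(xml)
    return m.group(1) if m else None

def undelivered_logouts(log_text):
    """Return logout POSTs that were answered with a 3xx redirect."""
    pending, findings = {}, []
    for line in log_text.splitlines():
        m = WIRE.search(line)
        if not m:
            continue
        conn, direction, data = m.groups()
        data = data.replace("[\\r][\\n]", "")  # strip HttpClient's CRLF markers
        if direction == ">>" and data.startswith("POST "):
            pending[conn] = {"path": data.split()[1], "ticket": None, "status": 0}
        elif conn not in pending:
            continue
        elif direction == ">>" and data.startswith("logoutRequest="):
            pending[conn]["ticket"] = session_index(data)
        elif direction == "<<" and data.startswith("HTTP/"):
            pending[conn]["status"] = int(data.split()[1])
        elif direction == "<<" and data.lower().startswith("location:"):
            req = pending[conn]
            if req["ticket"] and 300 <= req["status"] < 400:
                findings.append({**req, "location": data.split(":", 1)[1].strip()})
    return findings
```

A finding whose `location` differs from the posted `path` only by a trailing slash points at the registered service URL mismatch described in the answer.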