[Question] How to support global logout

[sammyhk]

We have 2 components hosted in 2 separated Wildfly 10 server, we would like to use this CAS wildfly extension for the Jasig CAS support. In our logout servlet, it is calling Java EE request.logout() and then calling request.redirect(userPrincipal.generateLogoutUrl(...)). The process successfully destroyed the local session and the CAS SSO session, but seems my second components not being logged out.

[ceharris]

I doubt that global logout is fully implemented in the extension at this point, but I'm sure we can get it working. Would you check the Wildfly access logs to see what logout requests are being received from the CAS server?

[sammyhk]

That should be a back channel HTTP POST request sent from the CAS server, the data structure is compatible with SAML v2 Single Logout profile, you can refer to https://github.com/Jasig/java-cas-client/blob/master/cas-client-core/src/main/java/org/jasig/cas/client/session/SingleSignOutHandler.java#L289

[ceharris]

I'm familiar with the protocol. Just wanted to ascertain that your apps were in fact getting POST requests for logout from the CAS server.

[sammyhk]

Thanks. It is a HTTP POST request, detail as below:

18:34:56,415 INFO  [io.undertow.request.dump] (default task-48) 
----------------------------REQUEST---------------------------
               URI=/testing-app//index.jsp
 characterEncoding=null
     contentLength=485
       contentType=[application/x-www-form-urlencoded]
            header=Accept=text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
            header=Connection=keep-alive
            header=Content-Type=application/x-www-form-urlencoded
            header=Content-Length=485
            header=User-Agent=Java/1.6.0_45
            header=Host=10.1.132.25:8080
            locale=[]
            method=POST
          protocol=HTTP/1.1
       queryString=
        remoteAddr=/10.1.132.26:53831
        remoteHost=10.1.132.26 <-- this is my CAS server address
            scheme=http
              host=10.1.132.25:8080
        serverPort=8080
--------------------------RESPONSE--------------------------
     contentLength=0
       contentType=null
            cookie=cas-status=0; domain=null; path=null
            header=Expires=0
            header=Cache-Control=no-cache, no-store, must-revalidate
            header=X-Powered-By=Undertow/1
            header=Set-Cookie=cas-status=0; secure; HttpOnly
            header=Server=WildFly/10
            header=Pragma=no-cache
            header=Location=https://mycasserver.com/cas-server/login?service=http%3A%2F%2F10.1.132.25%3A8080%2Ftesting-app%2F%2Findex.jsp
            header=Date=Tue, 03 May 2016 10:34:56 GMT
            header=Connection=keep-alive
            header=Content-Length=0
            status=302
==============================================================

[ceharris]

Created issue #9 to track the resolution of this question.