Logout hook?

Scott Battaglia scott.battaglia at gmail.com
Fri Sep 7 13:45:05 EDT 2007 

Andrew,

The existence of a cookie doesn't matter if the actual Ticket Granting
Ticket doesn't exist.  You should just be able to merely call the
centralAuthenticationService.destroyTicketGrantingTicket(ticketId).  The
ticketId should be available from the web tier.

-Scott

On 9/7/07, Andrew R Feller <afelle1 at lsu.edu> wrote:
>
>  Scott,
>
>
>
> Yes, I want to hook into the logout process initiated whenever a user hits
> the CAS logout servlet (/cas/logout).
>
>
>
> According to the cas-servlet.xml for the CAS server, the logoutController
> (org.jasig.cas.web.LogoutController) is responsible for ensuring that the
> user's TGT is invalidated and any cookies CAS created are removed.  Once the
> TGT has been destroyed, it will forward the user to a page as noted by the
> logoutView property of the logout controller, which must be a CAS view.
> Given this, the only thing I can think of would be:
>
>
>
>    1. Modify the logout view to invalidate all cookies for the domain
>    the CAS server resides on
>    2. Extend the org.jasig.cas.CentralAuthenticationServiceImpl class
>    to hook into the destroyTicketGrantingTicket() method to have the CAS server
>    invalidate secondary cookies
>
>
>
> I would prefer to modify as little of the CAS source as possible.  I
> simply didn't know if there was a recommended way of doing this.
>
>
>
> Thanks for the help as always,
>
> Andy
>
>
>
> Andrew R Feller, Analyst
>
> Subversion Administrator
>
> University Information Systems
>
> Louisiana State University
>
> afelle1 at lsu.edu
>
> (office) 225.578.3737
>   ------------------------------
>
> *From:* cas-bounces at tp.its.yale.edu [mailto:cas-bounces at tp.its.yale.edu] *On
> Behalf Of *Scott Battaglia
> *Sent:* Friday, September 07, 2007 9:33 AM
> *To:* Yale CAS mailing list
> *Subject:* Re: Logout hook?
>
>
>
> Which logout process? The actual logout called by /cas/logout?
>
> If so, then that's CentralAuthenticationService.deleteTicketGrantingTicket
> ()
>
> -Scott
>
> On 9/7/07, *Andrew R Feller* <afelle1 at lsu.edu> wrote:
>
> Is there a way for developers to hook into the logout process of CAS 3.1?
> I ask because I am hooking into the web flow login process to authenticate
> user credentials with a second identity store and I need to expire the
> authentication token issued on logout.
>
>
>
> Thanks,
>
>
>
> Andrew R Feller, Analyst
>
> Subversion Administrator
>
> University Information Systems
>
> Louisiana State University
>
> afelle1 at lsu.edu
>
> (office) 225.578.3737
>
>
>
>
> _______________________________________________
> Yale CAS mailing list
> cas at tp.its.yale.edu
> http://tp.its.yale.edu/mailman/listinfo/cas
>
>
>
>
> --
> -Scott Battaglia
>
> LinkedIn: http://www.linkedin.com/in/scottbattaglia
>
> _______________________________________________
> Yale CAS mailing list
> cas at tp.its.yale.edu
> http://tp.its.yale.edu/mailman/listinfo/cas
>
>


-- 
-Scott Battaglia

LinkedIn: http://www.linkedin.com/in/scottbattaglia
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://tp.its.yale.edu/pipermail/cas/attachments/20070907/6fe6d107/attachment.html

More information about the cas mailing list