Logout hook?

Andrew R Feller afelle1 at lsu.edu
Fri Sep 7 14:44:29 EDT 2007


Scott,

 

=X  I'm sorry that I didn't explain this properly before, but whenever I
hook into the login process to authenticate with the second identity
store (Lotus Domino), I have to take the LTPA token generated from
Domino and insert it into the user's browser as a cookie.  So it isn't
the CAS TGT cookie I am worried about, but rather a cookie that I have
to set.  The reason for all of this is because we have a host of legacy
Lotus Notes applications that we need to support until we can update
them to newer technologies and this seemed like the least painful method
to bring in CAS while still supporting legacy apps.

 

My apologies for not explaining it well enough earlier. =X

Andy

 

Andrew R Feller, Analyst

Subversion Administrator

University Information Systems

Louisiana State University

afelle1 at lsu.edu

(office) 225.578.3737

________________________________

From: cas-bounces at tp.its.yale.edu [mailto:cas-bounces at tp.its.yale.edu]
On Behalf Of Scott Battaglia
Sent: Friday, September 07, 2007 12:45 PM
To: Yale CAS mailing list
Subject: Re: Logout hook?

 

Andrew,

The existence of a cookie doesn't matter if the actual Ticket Granting
Ticket doesn't exist.  You should just be able to merely call the
centralAuthenticationService.destroyTicketGrantingTicket(ticketId).  The
ticketId should be available from the web tier. 

-Scott

On 9/7/07, Andrew R Feller <afelle1 at lsu.edu> wrote:

Scott,

 

Yes, I want to hook into the logout process initiated whenever a user
hits the CAS logout servlet (/cas/logout).

 

According to the cas-servlet.xml for the CAS server, the
logoutController (org.jasig.cas.web.LogoutController) is responsible for
ensuring that the user's TGT is invalidated and any cookies CAS created
are removed.  Once the TGT has been destroyed, it will forward the user
to a page as noted by the logoutView property of the logout controller,
which must be a CAS view.  Given this, the only thing I can think of
would be:

 

1.	Modify the logout view to invalidate all cookies for the domain
the CAS server resides on
2.	Extend the org.jasig.cas.CentralAuthenticationServiceImpl class
to hook into the destroyTicketGrantingTicket() method to have the CAS
server invalidate secondary cookies

 

I would prefer to modify as little of the CAS source as possible.  I
simply didn't know if there was a recommended way of doing this.

 

Thanks for the help as always,

Andy

 


________________________________

From: cas-bounces at tp.its.yale.edu [mailto:cas-bounces at tp.its.yale.edu]
On Behalf Of Scott Battaglia
Sent: Friday, September 07, 2007 9:33 AM
To: Yale CAS mailing list
Subject: Re: Logout hook?

 

Which logout process? The actual logout called by /cas/logout?

If so, then that's
CentralAuthenticationService.deleteTicketGrantingTicket()

-Scott

On 9/7/07, Andrew R Feller <afelle1 at lsu.edu> wrote:

Is there a way for developers to hook into the logout process of CAS
3.1?  I ask because I am hooking into the web flow login process to
authenticate user credentials with a second identity store and I need to
expire the authentication token issued on logout.

 

Thanks,

 


 


_______________________________________________
Yale CAS mailing list
cas at tp.its.yale.edu
http://tp.its.yale.edu/mailman/listinfo/cas




-- 
-Scott Battaglia

LinkedIn: http://www.linkedin.com/in/scottbattaglia 
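
Added example, not part of the original thread and not CAS project code: one way to expire a secondary SSO cookie at logout without changing CAS classes is a plain servlet filter mapped to the logout URL in the CAS webapp's web.xml, which is a different route from the two options listed in the thread. The class name, the init-param names and the cookie name "LtpaToken" are assumptions.

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletResponse;

// Added example (hypothetical class): expires a secondary SSO cookie
// whenever a request reaches the URL pattern this filter is mapped to.
public class SecondaryCookieLogoutFilter implements Filter {
    private String cookieName;   // e.g. "LtpaToken" (assumed; use the name Domino issues)
    private String cookieDomain; // must equal the Domain used when the cookie was set
    private String cookiePath;   // must equal the Path used when the cookie was set

    public void init(FilterConfig cfg) throws ServletException {
        cookieName = cfg.getInitParameter("cookieName");
        cookieDomain = cfg.getInitParameter("cookieDomain");
        cookiePath = cfg.getInitParameter("cookiePath");
        if (cookieName == null || cookieName.length() == 0) {
            throw new ServletException("cookieName init-param is required");
        }
        if (cookiePath == null) cookiePath = "/";
    }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        // Add the Set-Cookie header before the chain runs: once the logout
        // view has been rendered the response may be committed and the header lost.
        Cookie expired = new Cookie(cookieName, "");
        expired.setMaxAge(0);     // 0 tells the browser to delete the cookie
        expired.setPath(cookiePath);
        if (cookieDomain != null) expired.setDomain(cookieDomain);
        expired.setSecure(true);  // assumes the CAS server is reached over HTTPS
        ((HttpServletResponse) res).addCookie(expired);
        chain.doFilter(req, res);
    }

    public void destroy() { }
}
```

The browser only drops the cookie when name, domain and path match the values used when it was set, so those three parameters should be copied from the login-side code that inserts the token.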

