
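[Java Tutorial] SSO Single Sign-On, Part 1: preventing the 500 error from an invalidated ticket when refreshing or going back after CAS single logout, and the ticket validation error when logging in again right after logging out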

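Problem 1: I logged in to client2 and then to client3. I then logged out of client2 and pressed F5 to refresh in client3, and the page reported an error (the ticket could not be recognized):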

未能够识别出目标 'ST-41-2VcnVMguCDWJX5zHaaaD-cas01.example.org'票根

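Problem 2: I logged in to a client, logged out, and then entered the username again, and the page also reported an error (ticket validation failed): 验证 'ST-41-2VcnVMguCDWJX5zHaaaD-cas01.example.org'失败

Solution: I tested this many times and made changes after consulting references online. The final configuration verified successfully and the errors no longer appear. The fix is as follows: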

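Single logout, client-side configuration. I tried using SAML for authentication and ticket validation, but while debugging I found that the way single logout extracts its identifier only recognizes CAS authentication and validation.
Authentication: org.jasig.cas.client.authentication.AuthenticationFilter
Validation: org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter
Filter order: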
1. CAS Single Sign Out Filter
2. CAS Validation Filter
3. CAS Authentication Filter
4. CAS HttpServletRequest Wrapper Filter
5. CAS Assertion Thread Local Filter
Note in particular that Validation comes before Authentication, because I am using Cas20ProxyReceivingTicketValidationFilter.

According to the CAS documentation: If you are using proxy validation, you should map the validation filter before the authentication filter.

```xml
<!-- CAS configuration -->

<filter>
  <filter-name>characterEncodingFilter</filter-name>
  <filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
  <init-param>
    <param-name>encoding</param-name>
    <param-value>UTF-8</param-value>
  </init-param>
</filter>
<filter-mapping>
  <filter-name>characterEncodingFilter</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>

<!-- Works with the CAS Single Sign Out Filter to clear the login session -->
<listener>
  <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
</listener>

<!-- The CAS server notifies the CAS client, which deletes the session and clears the login state -->
<filter>
  <filter-name>CAS Single Sign Out Filter</filter-name>
  <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
</filter>
<filter-mapping>
  <filter-name>CAS Single Sign Out Filter</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>

<!-- The CAS client validates the ticket against the CAS server -->
<filter>
  <filter-name>CAS Validation Filter</filter-name>
  <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
  <init-param>
    <!-- URL prefix of the CAS server; left blank here -->
    <param-name>casServerUrlPrefix</param-name>
    <param-value></param-value>
  </init-param>
  <init-param>
    <!-- Name of the server this application runs on; left blank here -->
    <param-name>serverName</param-name>
    <param-value></param-value>
  </init-param>
</filter>

<filter-mapping>
  <filter-name>CAS Validation Filter</filter-name>
  <url-pattern>/system/login/fm.jsp</url-pattern>
</filter-mapping>

<!-- Login authentication: users who are not logged in are redirected to the CAS server -->
<filter>
  <filter-name>CAS Filter</filter-name>
  <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
  <init-param>
    <!-- Login URL of the CAS server; left blank here -->
    <param-name>casServerLoginUrl</param-name>
    <param-value></param-value>
  </init-param>
  <init-param>
    <!-- Name of the server this application runs on; left blank here -->
    <param-name>serverName</param-name>
    <param-value></param-value>
  </init-param>
</filter>
<filter-mapping>
  <filter-name>CAS Filter</filter-name>
  <url-pattern>/system/login/fm.jsp</url-pattern>
</filter-mapping>

<!-- Wraps the request to support getUserPrincipal and similar methods -->
<filter>
  <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
  <filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
</filter>
<filter-mapping>
  <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>

<!-- Stores the Assertion in a ThreadLocal -->
<filter>
  <filter-name>CAS Assertion Thread Local Filter</filter-name>
  <filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class>
</filter>
<filter-mapping>
  <filter-name>CAS Assertion Thread Local Filter</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>
```

With this configuration in place, the problem is basically solved.
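The filter order above can be checked mechanically before deployment. The following is an added example, not code from the original post or from the CAS client project: a small Python check that reads a web.xml and reports when the CAS filter mappings deviate from the order listed in this post. The function names `check_cas_filter_order` and `sample_web_xml`, the short filter names and the sample descriptor are constructed for illustration.

```python
import xml.etree.ElementTree as ET

PKG = "org.jasig.cas.client."
SSO_FILTER = PKG + "session.SingleSignOutFilter"
SSO_LISTENER = PKG + "session.SingleSignOutHttpSessionListener"
AUTH_FILTER = PKG + "authentication.AuthenticationFilter"
PROXY_VALIDATION = PKG + "validation.Cas20ProxyReceivingTicketValidationFilter"

def _local(tag):  # drop a "{namespace}" prefix from an element tag
    return tag.rsplit("}", 1)[-1]
def _text(parent, name):  # text of the first child element called `name`
    return next(((c.text or "").strip() for c in parent if _local(c.tag) == name), "")

def check_cas_filter_order(web_xml):
    """Return findings for the CAS client filters declared in a web.xml string."""
    classes, order, listeners = {}, [], set()
    for el in ET.fromstring(web_xml):
        kind = _local(el.tag)
        if kind == "filter":
            classes[_text(el, "filter-name")] = _text(el, "filter-class")
        elif kind == "filter-mapping":
            order.append(_text(el, "filter-name"))
        elif kind == "listener":
            listeners.add(_text(el, "listener-class"))
    # filter class -> index of its first <filter-mapping> (earliest mapping wins)
    first = {classes.get(n, ""): p for p, n in reversed(list(enumerate(order)))}
    cas = [pos for cls, pos in first.items() if cls.startswith(PKG)]
    findings = []
    if SSO_FILTER not in first:
        findings.append("SingleSignOutFilter is not mapped")
    elif first[SSO_FILTER] != min(cas):
        findings.append("SingleSignOutFilter is not the first CAS filter mapping")
    if SSO_LISTENER not in listeners:
        findings.append("SingleSignOutHttpSessionListener is not registered")
    if first.get(PROXY_VALIDATION, -1) > first.get(AUTH_FILTER, len(order)):
        findings.append("proxy validation filter is mapped after AuthenticationFilter")
    return findings

def sample_web_xml(mapping_order, listener=True):
    # Constructed sample descriptor; the short filter names are illustrative.
    names = {"sso": SSO_FILTER, "validation": PROXY_VALIDATION, "auth": AUTH_FILTER}
    f = "<filter><filter-name>%s</filter-name><filter-class>%s</filter-class></filter>"
    m = "<filter-mapping><filter-name>%s</filter-name><url-pattern>/*</url-pattern></filter-mapping>"
    body = "<listener><listener-class>%s</listener-class></listener>" % SSO_LISTENER if listener else ""
    body += "".join(f % item for item in names.items()) + "".join(m % n for n in mapping_order)
    return '<web-app xmlns="http://java.sun.com/xml/ns/javaee">%s</web-app>' % body

if __name__ == "__main__":
    print(check_cas_filter_order(sample_web_xml(["sso", "auth", "validation"])))
```

An empty list means the descriptor follows the order from this post; the check compares the position of each filter's first `<filter-mapping>`, since that is what determines the order in which the container applies the filters.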