Re: [sakai-core] Urgent Help Needed ! Single Sign Out ( Single Log out ) for SAKAI and CAS and Liferay

[Rushikesh Garadade]

++[sakai-dev], ++[cas-user]

Hi Steve,

I have attached web.xml with the mail. Its the xml present in the location "../tomcat/webapps/sakai-login-tool/WEB-INF". In the xml attached I have mentioned which config code I have added for CAS Config(both SSO and SLO). Please have a look and guide us in case you find any correction.

Thanks a lot.

Regards, 

Rushikesh Garadade

On Mon, Apr 23, 2018 at 3:04 AM, Steve Swinsburg <steve.s...@gmail.com> wrote:

Hi, 

I am not sure if Sakai supports the single sign out though. What is the exact config you are adding to the web.xml?

Also please keep this on the mailing list.

Cheers

Steve

On Sat., 21 Apr. 2018, 23:38 Manali Shinde, <manalish...@gmail.com> wrote:

Steve, 

As Rushikesh explained , its a complete show-stopper for us.  Essentially if we logout of Liferay ( via CAS ) - it should log us out of SAKAI.  

The smallest help will be appreciated.   Eagerly waiting for your response to the queries sent over by Rushikesh and me ! 

Regards, 

Manali

On Sat, Apr 21, 2018 at 2:05 PM, Rushikesh Garadade <rushikes...@gmail.com> wrote:

Hi Steve, 

Thanks a lot for your reply. I have few more queries, please help us with that. It is Show stopper for us right now.

Let me walk you through to the scenario: 

I have Liferay 7 and Sakai 11 as applications which will login through CAS 3.6 for single sign on(SSO). 

 For SSO to workin Sakai, I have followed your link: https://confluence.sakaiproject.org/display/~steve.swinsburg/CASifying+Sakai+with+CAS+3

I know there is one more easy way ( SAK-23187 ), but somehow I got SSO correct with above link.

SSO is working fine i.e when I login from one it will automatically login on another. 

However for Signing out it is not the same.

After some googling I found out that there are some extra config I need to do for Single Log out(Single sign out).

I need to add below filter in respective Clients web.xml :

  <filter>

                <filter-name>CAS Single Sign Out Filter</filter-name>

                <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>

                <init-param>

                        <param-name>casServerUrlPrefix</param-name>

                        <param-value>https://HOSTNAME:8443</param-value>

                </init-param>

  </filter>

  <filter-mapping>

            <filter-name>CAS Single Sign Out Filter</filter-name>

            <url-pattern>/*</url-pattern>

   </filter-mapping>

   <listener>

            <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>

    </listener>

 

I have added above filter in Liferay 7, it started working. i.e. If I logout from CAS server, it is automatically logging out from liferay ..SUCCESS

BUT

When I tried to add same above filter in sakai-login-tool's web.xml (same place where you made other configs for Single Sign On ), it did not work i.e. logging out from CAS does not logout from Sakai

-Note:  In both of the web.xml above , I have added this filters at the top. 

I have tried many other options which did not work. however among all I found this way more suitable and correct

Queries: 

1) Looking at above scenario, do you suggest any changes to make sakai work for SLO(Single Log Out)

2) Or as per your sentence it is not working because  Sakai's logout protocol doesn't support SLO. It will really a help in case you know any solid link to prove this(May be some Sakai Documentation).  

Please help us with what you have in regards to this.

Thanks a lot in advance.

Thanks,

Rushikesh Garadade

rushikes...@gmail.com

 

On Thu, Apr 19, 2018 at 4:38 PM, Steve Swinsburg <steve.s...@gmail.com> wrote:

Hi,

What are you seeing in the Sakai HTTP server logs for the sign out request? AFAIK Sakai doesn't support single sign out but it has been a few years since I worked on this.

https://wiki.jasig.org/display/casum/single+sign+out

"Clients that do not support the logout protocol may notice extra requests in their access logs that appear not to do anything."

regards,

Steve

On Thu, Apr 19, 2018 at 4:14 PM, Manali Shinde <manalish...@gmail.com> wrote:

Hi,

I have configured Liferay 7 and Sakai 11 for Single Sign On with CAS 3.6. It is working perfectly fine with the below configuration in Liferay: 
Login Url : https://hostname:8443/cas/login
Logout Url: https://hostname8443/cas/logout
Server Name: https://hostname:8443
Server Url: https://hostname:8443/cas
Service Url: (Blank)
No Such User Redirect URL: https://hostname:8443

Both liferay and cas is in same tomcat.
When I login to liferay with cas , same user gets automatically logged in Sakai and vice versa, However Single Sign out does not work, i.e. if I logout from liferay it will not automatically logout from Sakai (and vice versa).

Expectation :

If user logs out of Liferay , he/she must log out of SAKAI as well.

--
You received this message because you are subscribed to the Google Groups "Sakai Core Team" group.
To unsubscribe from this group and stop receiving emails from it, send an email to sakai-core+unsubscribe@apereo.org.
To post to this group, send email to sakai...@apereo.org.
Visit this group at https://groups.google.com/a/apereo.org/group/sakai-core/.

--

Thanks and Regards ,
Manali Shinde