Spring Security 4.2.1.RELEASE + SSO CAS (jasig 4.0.3)

Viewed 52 times

0

I am using CAS (Jasig) with three applications. When I log out of one of the applications, I end the session of that application and of CAS, but if I access another application that already had an open session via URL, the session is still alive. How do I kill all active sessions of my CAS-bound application suite?

Example:

  • CAS
  • APPLICATION A
  • APPLICATION B
  • APPLICATION C

Logging out of application A ends its own session and the CAS session, but keeps the application B and C sessions alive.

I tried to capture the cookie created by CAS so I could develop a "logout filter" to check if it has an active session, but I could not capture it.

Has anyone ever been in a similar situation?

1 answer

0

I found the solution to the problem: when CAS logs out, it calls a certain URL to inform all linked systems that they should kill the session. But because I'm using Spring Security, Cross Site Request Forgery (CSRF) was blocking this request. After allowing it through, the problem was solved.
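A sketch of the configuration the answer describes, added here as an illustration and not taken from the answerer's project. It assumes Spring Security 4.2 Java config with cas-client-core 3.3 or later on the classpath, that the CAS service URL is Spring Security 4's default `/login/cas`, and that the rest of the CAS wiring (entry point, `CasAuthenticationFilter`, authentication provider) is defined elsewhere; the class name and the CAS server URL are placeholders.

```java
import org.jasig.cas.client.session.SingleSignOutFilter;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.cas.web.CasAuthenticationFilter;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
@EnableWebSecurity
public class CasSingleLogoutConfig extends WebSecurityConfigurerAdapter {

    // Assumption: the service URL this application registered with CAS.
    // CAS sends its back-channel logout POST (parameter "logoutRequest") here.
    private static final String CAS_CALLBACK = "/login/cas";

    // Placeholder: replace with the real CAS server prefix.
    private static final String CAS_SERVER_PREFIX = "https://cas.example.org/cas";

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .csrf()
                // The CAS server cannot send a CSRF token, so its POST is rejected
                // by CsrfFilter before SingleSignOutFilter ever sees it.
                // Exempt only the callback path; every other URL keeps CSRF checks.
                .ignoringAntMatchers(CAS_CALLBACK)
                .and()
            // Must run before CasAuthenticationFilter so the logout request is
            // handled as a logout and not treated as a ticket validation.
            .addFilterBefore(singleSignOutFilter(), CasAuthenticationFilter.class)
            .authorizeRequests()
                .anyRequest().authenticated();
    }

    private SingleSignOutFilter singleSignOutFilter() {
        SingleSignOutFilter filter = new SingleSignOutFilter();
        // Configure through setters rather than web.xml init parameters.
        filter.setIgnoreInitConfiguration(true);
        filter.setCasServerUrlPrefix(CAS_SERVER_PREFIX);
        return filter;
    }

    // Also required: register
    // org.jasig.cas.client.session.SingleSignOutHttpSessionListener
    // as a <listener> in web.xml so expired sessions are removed from
    // the ticket-to-session mapping the filter uses.
}
```

Each of the three applications needs the same exemption on its own callback URL, otherwise CAS can end only the sessions of the applications that accept its logout POST.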
