Hyland Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Problem Share Cas Logout

carlosjl
Champ in-the-making
Champ in-the-making

‎07-10-2015 07:25 AM

Hello, I'm new with alfresco.

My environment consists of:

- Cas Server 3.5.2
- Alfresco Community 5.0.c

I configured share to validate with cas (cas-client-core-3.3.3) and all work fine. But I have the logout problem.
In share (web.xml):

   <filter>
      <filter-name>CAS Single Sign Out Filter</filter-name>
      <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
   </filter>
   <filter-mapping>
      <filter-name>CAS Authentication Filter</filter-name>
      <url-pattern>/*</url-pattern>
   </filter-mapping>
   <listener>
      <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
   </listener>

But this does not work… or I need some settings.

I read about the possibility of extending logoutController in custom-slingshot-application-context.xml

Any ideas!!

Thank's for all.



Labels:
0 Kudos
13 REPLIES 13

idwright
Star Collaborator
Star Collaborator

‎07-28-2015 09:54 AM

Firstly I'll admit I haven't even tried to get this working but I've some experience in this area so hopefully can provide some pointers.

A key thing to remember is that you are logged in to CAS <em>and</em> Alfresco so you need to log out of both.

The filter you've listed is for Single Sign Out so Alfresco gets a logout message from CAS (a POST) i.e. when the user has logged out of CAS, probably via another app, so what you would need to do is provide another bit of code to do the logout from Alfresco as well when the POST is received.(I've never bothered with this)

The logout controller is called when you log out of Alfresco - the logout menu option is disabled when you have configured SSO but it's not too difficult to reenable it but you do need to tell the controller to log out of CAS as well otherwise you just get logged straight back in again as your CAS credentials are still active.

Unfortunately the way the logout menu/controller works keeps changing and I haven't worked out what to do in 5.0.x (just to make things even better SSO changes within the 5.0 versions)
(for earlier versions see http://tech.wrighting.org/2011/11/share-cas-logout/)
0 Kudos

danifbconil
Champ in-the-making
Champ in-the-making

‎08-05-2015 08:28 AM

Hi, did you find the solution for the Share Cas Logout?
0 Kudos

pablog_
Champ in-the-making
Champ in-the-making

‎10-22-2015 05:34 AM

Hi, I had overrided logoutController following the link "http://tech.wrighting.org/2011/11/share-cas-logout/".

The problem is the line

<java>final String ticket = connector.getConnectorSession().getParameter(AlfrescoAuthenticator.CS_PARAM_ALF_TICKET);</java>

This param is NULL!!.

Anybody knows what's the problem?

Best regards for your help!
0 Kudos

idwright
Star Collaborator
Star Collaborator

‎11-02-2015 10:11 AM

I've created a github project that contains an all-in-one project with just the CAS configuration for 5.0.d including logout

https://github.com/wrighting/alfresco-cas

There's (slightly) more detail in the wiki attached to that project but a brief description here:

As well as creating a new logout menu item (well putting back the original which won't show with SSO configured) you need to create a patched version of Aikau in order to allow the LogoutService to post appropriate redirect parameters to the dologout url.

<blockcode>
doLogout: function alfresco_services_LogoutService__doLogout() {
         this.serviceXhr({
            url: AlfConstants.URL_PAGECONTEXT + "dologout",
            method: "POST",
            data: {
               redirectURL: "${cas.server.prefix}/logout",
               redirectURLQueryKey: "service",
               redirectURLQueryValue: "${cas.logout.dest.url}"   
            },
            headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
            successCallback: this.reloadPage,
            callbackScope: this
         });
         //?
      },
</blockcode>



0 Kudos

pablog_
Champ in-the-making
Champ in-the-making
In response to idwright

‎12-15-2015 10:14 AM

Thank your for your great response 'idwright'!, your cas project was very helpfull. But I have a last (I hope) issue.
When I click in Logout link, the rest call is a POST method to 'dologout':

POST http://localhost:8081/share/page/dologout –> "401 unauthorized".

Best regards!
0 Kudos

idwright
Star Collaborator
Star Collaborator
In response to pablog_

‎03-02-2016 08:11 AM

I do see the 401 but as you are immediately forwarded on to the CAS logout page, and thence to the URL defined in the service parameter then you do get logged out and it behaves as expected despite the 401 response.
0 Kudos

davidd2go
Champ on-the-rise
Champ on-the-rise
In response to idwright

‎11-04-2016 08:16 AM

Hi Ian
Thanks for your work on CAS-Alfresco integration. This is complicated stuff and your github project really helped me to configure single sign out with mod_auth_cas.
I would prefer to use the approach on the application level with the cas client library so I started working with the amps from your project on GitHub.

The build succeeds and I applied the amps to Alfresco and Share.
I adapted web.xml and share-config-custom.xml
I am able to login to CAS but then I hit the standard Share login-page.

I think there is 1 piece of the puzzel I am missing:
How do I tell CAS to insert the alfresco header (e.g. "X-Alfresco-Remote-User") tot the calls to Share after succesfull login in CAS?

Hope you can help.

Best regards,

David

0 Kudos

idwright
Star Collaborator
Star Collaborator
In response to davidd2go

‎11-07-2016 02:58 AM

Hi David,

This might depend on the version you're using - if you're using 5.0.d to 5.1.f inclusive then you need to replace the SlingshotAlfrescoConnector in share-config-custom.xml with org.wrighting.web.site.servlet.SlingshotAlfrescoConnector instead of the Alfresco class (there's a bug...) or upgrade.

Alfresco inserts the header - CAS sets the value returned by getRemoteUser which is then used to set the header.

Regards,

Ian

(I am hoping to update the github project before the end of the year with installable amps)

davidd2go
Champ on-the-rise
Champ on-the-rise
In response to idwright

‎11-09-2016 08:26 AM

Hi Ian

Thanks for your reply.

I work with version 5.1.g (a.k.a. 201605).

I now succeeded in using your amps (based on the master branch) for CAS login.

The problems I encountered before were due to interference between my own share-config-custom.xml and the one packed in the share-amp.

I removed the second one from the project and added the references to org.wrighting.web.site.servlet.SlingshotAlfrescoConnector in my own share-config-custom.xml.

Some further observations:

- Deploying the repo-amp does not seem to be necessary

- Could not get it working without your SlingshotAlfrescoConnector, so this servlet also seems to be necessary for 5.1.g as well

Hope this info helps other people.

Regards,

David

0 Kudos
Getting started

Tags

Find what you came for

We want to make your experience in Hyland Connect as valuable as possible, so we put together some helpful links.

Copyright © 2025 Khoros, LLC