問題1: 我登錄了client2,又登錄了client3,現在我把client2退出了,在client3里面我F5刷新了一下,結果頁面報錯:
未能夠識別出目標 'ST-41-2VcnVMguCDWJX5zHaaaD-cas01.example.org'票根
問題2:登錄了client,然后退出,再重新輸入用戶名,結果頁面也會報錯 驗證 'ST-41-2VcnVMguCDWJX5zHaaaD-cas01.example.org'失敗
解決方法:自己測試了多遍並在網上做了參考后修改,最后驗證成功,之后就不報錯了。解決辦法如下:
單點登出,客戶端配置。我嘗試使用SAML作為認證和Ticket校驗,但是調試時發現單點登出取標識的方式只能識別CAS的認證和校驗。
認證:org.jasig.cas.client.authentication.AuthenticationFilter
校驗:org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter
過濾器順序:
1. CAS Single Sign Out Filter
2. CAS Validation Filter
3. CAS Authentication Filter
4. CAS HttpServletRequest Wrapper Filter
5. CAS Assertion Thread Local Filter
特別注意Validation在Authentication之前,因為我使用的是Cas20ProxyReceivingTicketValidationFilter。
根據CAS文檔描述:If you are using proxy validation, you should map the validation filter before the authentication filter.
1 <!-- /****cas配置******/ --> 2 3 <filter> 4 <filter-name>characterEncodingFilter</filter-name> 5 <filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class> 6 <init-param> 7 <param-name>encoding</param-name> 8 <param-value>UTF-8</param-value> 9 </init-param> 10 </filter> 11 <filter-mapping> 12 <filter-name>characterEncodingFilter</filter-name> 13 <url-pattern>/*</url-pattern> 14 </filter-mapping> 15 <!-- 與CAS Single Sign Out Filter配合,注銷登錄信息 --> 16 <listener> 17 <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class> 18 </listener> 19 <!-- CAS Server 通知 CAS Client,刪除session,注銷登錄信息 --> 20 <filter> 21 <filter-name>CAS Single Sign Out Filter</filter-name> 22 <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class> 23 </filter> 24 <filter-mapping> 25 <filter-name>CAS Single Sign Out Filter</filter-name> 26 <url-pattern>/*</url-pattern> 27 </filter-mapping> 28 29 <!-- CAS Client向CAS Server進行ticket驗證 --> 30 <filter> 31 <filter-name>CAS Validation Filter</filter-name> 32 <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class> 33 <init-param> 34 <param-name>casServerUrlPrefix</param-name> 35 <param-value>http://cas.youjiao.tjxddfdfqjy.com/cas</param-value> 36 </init-param> 37 <init-param> 38 <param-name>serverName</param-name> 39 <param-value>http://xxpt.yodfdfujiao.tjxqjy.com</param-value> 40 </init-param> 41 </filter> 42 43 <filter-mapping> 44 <filter-name>CAS Validation Filter</filter-name> 45 <url-pattern>/system/login/fm.jsp</url-pattern> 46 </filter-mapping> 47 48 <!-- 登錄認證,未登錄用戶導向CAS Server進行認證 --> 49 <filter> 50 <filter-name>CAS Filter</filter-name> 51 <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class> 52 <init-param> 53 <param-name>casServerLoginUrl</param-name> 54 <param-value>http://cas.youjiao.tjxqjdcfdy.com/cas/login</param-value> 55 </init-param> 56 <init-param> 57 <param-name>serverName</param-name> 58 <param-value>http://xxpt.youdfdjiao.1tssjxqjy.com</param-value> 59 </init-param> 60 </filter> 61 <filter-mapping> 62 <filter-name>CAS Filter</filter-name> 63 <url-pattern>/system/login/fm.jsp</url-pattern> 64 </filter-mapping> 65 66 <!-- 封裝request, 支持getUserPrincipal等方法 --> 67 <filter> 68 <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name> 69 <filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class> 70 </filter> 71 <filter-mapping> 72 <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name> 73 <url-pattern>/*</url-pattern> 74 </filter-mapping> 75 <!-- 存放Assertion到ThreadLocal中 --> 76 <filter> 77 <filter-name>CAS Assertion Thread Local Filter</filter-name> 78 <filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class> 79 </filter> 80 <filter-mapping> 81 <filter-name>CAS Assertion Thread Local Filter</filter-name> 82 <url-pattern>/*</url-pattern> 83 </filter-mapping>
這樣配置以后基本就解決這個問題了。