【发布时间】:2016-11-18 01:59:14
【问题描述】:
我通过访问https://xx/cas-server/logout?service=myservice触发了CAS Single Sign Out事件,CAS POST一个请求到myservice(http://test.ogg:8080/cas)的body:
<samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="LR-329-TxwPlscwOydLQH0JD0R2AKmOr4ew5FdiKN2" Version="2.0" IssueInstant="2016-07-15T08:21:38Z"><saml:NameID xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">@NOT_USED@</saml:NameID><samlp:SessionIndex>ST-329-lNWcDWJIW0Ve7ij9gsNG-cas</samlp:SessionIndex></samlp:LogoutRequest>
我自定义了注销逻辑,所以用<samlp:SessionIndex>ST-329-lNWcDWJIW0Ve7ij9gsNG-cas</samlp:SessionIndex>中的ticket调用https://xx/cas-server/validateService?service=myservice&ticket=ST-329-lNWcDWJIW0Ve7ij9gsNG-cas,但是CAS报告ticket无效:
<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
<cas:authenticationFailure code='INVALID_TICKET'>
Ticket 'ST-329-lNWcDWJIW0Ve7ij9gsNG-cas' not recognized
</cas:authenticationFailure>
这是来自 CAS 服务器的日志:
2016-07-15 08:21:38,334 DEBUG [org.jasig.cas.logout.SamlCompliantLogoutMessageCreator.create(SamlCompliantLogoutMessageCreator.java:53)] - Generated logout message: [<samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="LR-328-qwK2GgGVhRlRtu9QtebIoXIo30iwd4dWWwu" Version="2.0" IssueInstant="2016-07-15T08:21:38Z"><saml:NameID xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">@NOT_USED@</saml:NameID><samlp:SessionIndex>ST-329-lNWcDWJIW0Ve7ij9gsNG-cas</samlp:SessionIndex></samlp:LogoutRequest>]
2016-07-15 08:21:38,334 DEBUG [org.jasig.cas.logout.LogoutManagerImpl.performBackChannelLogout(LogoutManagerImpl.java:143)] - Sending logout request for: [http://test.ogg:8080/cas]
2016-07-15 08:21:38,334 DEBUG [org.jasig.cas.util.SimpleHttpClient$MessageSender.call(SimpleHttpClient.java:297)] - Attempting to access http://test.ogg:8080/cas
2016-07-15 08:21:38,371 DEBUG [org.jasig.cas.web.support.AbstractArgumentExtractor.extractService(AbstractArgumentExtractor.java:45)] - Extractor generated service for: http://test.ogg:8080/cas
2016-07-15 08:21:38,372 DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry.getTicket(DefaultTicketRegistry.java:80)] - Attempting to retrieve ticket [ST-329-lNWcDWJIW0Ve7ij9gsNG-cas]
2016-07-15 08:21:38,372 INFO [org.jasig.cas.CentralAuthenticationServiceImpl.validateServiceTicket(CentralAuthenticationServiceImpl.java:413)] - ServiceTicket [ST-329-lNWcDWJIW0Ve7ij9gsNG-cas] does not exist.
票好像还有 1 秒就过期了?
【问题讨论】: