问题1: 我登录了client2,又登录了client3,现在我把client2退出了,在client3里面我F5刷新了一下,结果页面报错:
未能够识别出目标 'ST-41-2VcnVMguCDWJX5zHaaaD-cas01.example.org'票根
问题2:登录了client,然后退出,再重新输入用户名,结果页面也会报错 验证 'ST-41-2VcnVMguCDWJX5zHaaaD-cas01.example.org'失败
解决方法:自己测试了多遍并在网上做了参考后修改,最后验证成功,之后就不报错了。解决办法如下:
单点登出,客户端配置。我尝试使用SAML作为认证和Ticket校验,但是调试时发现单点登出取标识的方式只能识别CAS的认证和校验。
认证:org.jasig.cas.client.authentication.AuthenticationFilter
校验:org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter
过滤器顺序:
1. CAS Single Sign Out Filter
2. CAS Validation Filter
3. CAS Authentication Filter
4. CAS HttpServletRequest Wrapper Filter
5. CAS Assertion Thread Local Filter
特别注意Validation在Authentication之前,因为我使用的是Cas20ProxyReceivingTicketValidationFilter。
根据CAS文档描述:If you are using proxy validation, you should map the validation filter before the authentication filter.
1 <!-- /****cas配置******/ --> 2 3 <filter> 4 <filter-name>characterEncodingFilter</filter-name> 5 <filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class> 6 <init-param> 7 <param-name>encoding</param-name> 8 <param-value>UTF-8</param-value> 9 </init-param> 10 </filter> 11 <filter-mapping> 12 <filter-name>characterEncodingFilter</filter-name> 13 <url-pattern>/*</url-pattern> 14 </filter-mapping> 15 <!-- 与CAS Single Sign Out Filter配合,注销登录信息 --> 16 <listener> 17 <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class> 18 </listener> 19 <!-- CAS Server 通知 CAS Client,删除session,注销登录信息 --> 20 <filter> 21 <filter-name>CAS Single Sign Out Filter</filter-name> 22 <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class> 23 </filter> 24 <filter-mapping> 25 <filter-name>CAS Single Sign Out Filter</filter-name> 26 <url-pattern>/*</url-pattern> 27 </filter-mapping> 28 29 <!-- CAS Client向CAS Server进行ticket验证 --> 30 <filter> 31 <filter-name>CAS Validation Filter</filter-name> 32 <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class> 33 <init-param> 34 <param-name>casServerUrlPrefix</param-name> 35 <param-value>http://cas.youjiao.tjxddfdfqjy.com/cas</param-value> 36 </init-param> 37 <init-param> 38 <param-name>serverName</param-name> 39 <param-value>http://xxpt.yodfdfujiao.tjxqjy.com</param-value> 40 </init-param> 41 </filter> 42 43 <filter-mapping> 44 <filter-name>CAS Validation Filter</filter-name> 45 <url-pattern>/system/login/fm.jsp</url-pattern> 46 </filter-mapping> 47 48 <!-- 登录认证,未登录用户导向CAS Server进行认证 --> 49 <filter> 50 <filter-name>CAS Filter</filter-name> 51 <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class> 52 <init-param> 53 <param-name>casServerLoginUrl</param-name> 54 <param-value>http://cas.youjiao.tjxqjdcfdy.com/cas/login</param-value> 55 </init-param> 56 <init-param> 57 <param-name>serverName</param-name> 58 <param-value>http://xxpt.youdfdjiao.1tssjxqjy.com</param-value> 59 </init-param> 60 </filter> 61 <filter-mapping> 62 <filter-name>CAS Filter</filter-name> 63 <url-pattern>/system/login/fm.jsp</url-pattern> 64 </filter-mapping> 65 66 <!-- 封装request, 支持getUserPrincipal等方法 --> 67 <filter> 68 <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name> 69 <filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class> 70 </filter> 71 <filter-mapping> 72 <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name> 73 <url-pattern>/*</url-pattern> 74 </filter-mapping> 75 <!-- 存放Assertion到ThreadLocal中 --> 76 <filter> 77 <filter-name>CAS Assertion Thread Local Filter</filter-name> 78 <filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class> 79 </filter> 80 <filter-mapping> 81 <filter-name>CAS Assertion Thread Local Filter</filter-name> 82 <url-pattern>/*</url-pattern> 83 </filter-mapping>
这样配置以后基本就解决这个问题了。