Re: [Geoserver-users] GeoServer Web UI Logout

[Danny Cheng]

Hi Christian:

Here is the JIRA issue.


From: Christian Mueller [mailto:christian.muel...@os-solutions.at]
Sent: Wednesday, September 03, 2014 12:43 AM
To: Danny Cheng
Cc: geoserver-users@lists.sourceforge.net
Subject: Re: [Geoserver-users] GeoServer Web UI Logout

Hi Danny

The casUrlInCaseLogoutPage is intended to be shown at the CAS logout page for a 
fast relogin. Sorry my fault. What you need is a new configuration option like

"GeoServer UI logout button should trigger a CAS logout"

Can you open a JIRA issue ?

Christian



On Tue, Sep 2, 2014 at 8:31 PM, Danny Cheng 
<dch...@mdacorporation.com<mailto:dch...@mdacorporation.com>> wrote:
Hi Christian:

Thanks for the recommendation, I didn’t realize that it was an optional field 
in the configuration. However, I just tried removing the URL and it still logs 
me out of CAS. I believe the problem is because in initializeFromConfig() 
casLogoutURL is set regardless if a logout URL is specified.

casLogoutURL=GeoServerCasConstants.createCasURl(authConfig.getCasServerUrlPrefix(),
 GeoServerCasConstants.LOGOUT_URI);
if (StringUtils.hasLength(authConfig.getUrlInCasLogoutPage()))
casLogoutURL+="?"+GeoServerCasConstants.LOGOUT_URL_PARAM+"="+URLEncoder.encode(authConfig.getUrlInCasLogoutPage(),"utf-8");

Should casLogoutURL be only set if 
StringUtils.hasLength(authConfig.getUrlInCasLogoutPage()) is true? I’ve tested 
this and it seems to work.

Thanks,
Danny

From: Christian Mueller 
[mailto:christian.muel...@os-solutions.at<mailto:christian.muel...@os-solutions.at>]
Sent: Monday, September 01, 2014 7:04 AM
To: Danny Cheng
Cc: 
geoserver-users@lists.sourceforge.net<mailto:geoserver-users@lists.sourceforge.net>
Subject: Re: [Geoserver-users] GeoServer Web UI Logout

Hi Danny

Did you you specify a logout URL in your CAS authentication filter 
configuration. If not, the logout should not happen.

Cheers
Christian

On Thu, Aug 28, 2014 at 7:50 PM, Danny Cheng 
<dch...@mdacorporation.com<mailto:dch...@mdacorporation.com>> wrote:
I found the problem or maybe just working as intended. Inside 
GeoServerCasAuthenticationFilter it overrides logout() which updates the 
GeoServerLogoutFilter logout URL to point to the CAS logout URL set in 
initializeFromConfig() override.

    @Override
    public void initializeFromConfig(SecurityNamedServiceConfig config) throws 
IOException {
        super.initializeFromConfig(config);


        CasAuthenticationFilterConfig authConfig =
                (CasAuthenticationFilterConfig) config;

        validator = new 
GeoServerCas20ProxyTicketValidator(authConfig.getCasServerUrlPrefix());
        validator.setAcceptAnyProxy(true);
        validator.setProxyGrantingTicketStorage(pgtStorageFilter);

        validator.setRenew(authConfig.isSendRenew());
        if (StringUtils.hasLength(authConfig.getProxyCallbackUrlPrefix()))
                
validator.setProxyCallbackUrl(GeoServerCasConstants.createProxyCallBackURl(authConfig.getProxyCallbackUrlPrefix()));

        
casLogoutURL=GeoServerCasConstants.createCasURl(authConfig.getCasServerUrlPrefix(),
 GeoServerCasConstants.LOGOUT_URI);
        if (StringUtils.hasLength(authConfig.getUrlInCasLogoutPage()))
                
casLogoutURL+="?"+GeoServerCasConstants.LOGOUT_URL_PARAM+"="+URLEncoder.encode(authConfig.getUrlInCasLogoutPage(),"utf-8");

        singleSignOut=authConfig.isSingleSignOut();
        aep = new GeoServerCasAuthenticationEntryPoint(authConfig);
    }

    @Override
    public void logout(HttpServletRequest request, HttpServletResponse response,
            Authentication authentication) {
            
request.setAttribute(GeoServerLogoutFilter.LOGOUT_REDIRECT_ATTR,casLogoutURL);
    }

Because of this, when I click logout from the web UI, it ends up logging me out 
of the web UI, CAS, and CAS clients.

Thanks,
Danny


From: Danny Cheng
Sent: Wednesday, August 27, 2014 2:41 PM
To: 
geoserver-users@lists.sourceforge.net<mailto:geoserver-users@lists.sourceforge.net>
Subject: GeoServer Web UI Logout

Hi Everyone:

I have GeoServer integrated with CAS to authenticate WMS service requests, but 
I want to keep the web UI to authenticate using the default form method. I 
added a new CAS filter that is only applicable to my particular WMS ANT pattern 
and it is working as expected for what I want. However, when I click logout 
from the web UI, it redirects me to CAS logout page, but I don’t want that. 
This effectively signed me out of all the other CAS clients as well (I have 
single logout enabled). I was expecting to be redirected to the web UI login 
page. Am I wrong?

Thanks,
Danny


------------------------------------------------------------------------------
Slashdot TV.
Video for Nerds.  Stuff that matters.
http://tv.slashdot.org/
_______________________________________________
Geoserver-users mailing list
Geoserver-users@lists.sourceforge.net<mailto:Geoserver-users@lists.sourceforge.net>
https://lists.sourceforge.net/lists/listinfo/geoserver-users



--
DI Christian Mueller MSc (GIS), MSc (IT-Security)
OSS Open Source Solutions GmbH




--
DI Christian Mueller MSc (GIS), MSc (IT-Security)
OSS Open Source Solutions GmbH


------------------------------------------------------------------------------
Slashdot TV.  
Video for Nerds.  Stuff that matters.
http://tv.slashdot.org/
_______________________________________________
Geoserver-users mailing list
Geoserver-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-users