Jasig CAS SSO .NET client not logging out from other apps

Question:

I am using the Jasig CAS .NET client to authenticate in my application using SSO from a server. I have implemented everything just like the documentation says and added [Authorize] in all my controllers.

Log in is working fine from my app and the one I'm trying to integrate with. I can log in from either app and the user is authenticated.

The problem is with the log out. If I log out from the other app, the user will still have access in my application.

Is this because CAS log off can't delete the cookies? Or am I doing something wrong?

Answer1:

You are still logged in to your web app because the authentication information is stored in a cookie and your web app (or the .NET CAS client) does not check on every page request whether you're still logged in on the CAS server. The cookie is used for that until it expires.

So basically the CAS server has to have a Single Sign-Out page which logs out the user from all web applications using that CAS server, including yours. The CAS server has to be configured to call a Logout page in your web app, which in turn abandons the ASP.NET session and deletes the authentication cookie. The CasAuthentication.SingleSignOut() method does this for you.
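
The application side of the logout call described in the answer above, as an added C# example (not code from the original post or from the .NET CAS client). It assumes the CAS server POSTs a SAML LogoutRequest whose SessionIndex element carries the service ticket, and that the app keeps a server-side record of tickets; TicketStore, SingleLogout and the sample values are hypothetical names constructed for the illustration.

```csharp
using System;
using System.Collections.Concurrent;
using System.IO;
using System.Xml;
using System.Xml.Linq;

// Hypothetical server-side record of service tickets that still have a live local session.
static class TicketStore
{
    static readonly ConcurrentDictionary<string, string> Active = new ConcurrentDictionary<string, string>();
    public static void Register(string ticket, string user) { Active[ticket] = user; }
    public static bool IsActive(string ticket) { return Active.ContainsKey(ticket); }
    public static bool Revoke(string ticket) { string u; return Active.TryRemove(ticket, out u); }
}

static class SingleLogout
{
    static readonly XNamespace Samlp = "urn:oasis:names:tc:SAML:2.0:protocol";
    // Returns the service ticket in a logoutRequest body, or null if malformed.
    // The body is untrusted network input, so DTDs and external resolution are refused.
    public static string ExtractTicket(string xml)
    {
        var settings = new XmlReaderSettings { DtdProcessing = DtdProcessing.Prohibit, XmlResolver = null };
        try
        {
            using (var reader = XmlReader.Create(new StringReader(xml), settings))
            {
                XElement root = XDocument.Load(reader).Root;
                if (root == null || root.Name != Samlp + "LogoutRequest") return null;
                XElement index = root.Element(Samlp + "SessionIndex");
                string ticket = index == null ? null : index.Value.Trim();
                return string.IsNullOrEmpty(ticket) ? null : ticket;
            }
        }
        catch (XmlException) { return null; }
    }
}

static class Program
{
    static void Main()
    {
        // Constructed sample body; the ID and ticket values are made up.
        const string body = "<samlp:LogoutRequest xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\" ID=\"LR-1\" Version=\"2.0\"><samlp:SessionIndex>ST-1-constructed</samlp:SessionIndex></samlp:LogoutRequest>";
        TicketStore.Register("ST-1-constructed", "alice");
        string ticket = SingleLogout.ExtractTicket(body);
        if (ticket != null) TicketStore.Revoke(ticket);
        Console.WriteLine("session active after logout: " + TicketStore.IsActive("ST-1-constructed"));
    }
}
```

Checking TicketStore.IsActive on each authenticated request is what ends the session here: the logout POST comes from the CAS server rather than the user's browser, so the cookie the browser still holds has to be rejected on its next use.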
