Does nuxeo support CAS single sign out ?

Discussion:

Jackie Ju

2010-06-17 23:36:02 UTC

Hi,

My nuxeo was configured to autheticate by CAS proxy-ticket. The CAS single
sign-on works perfect.
Now we need to make nuxeo auto-logout when user logout from CAS. But I don't
know whether CAS single sign-out solution is the right way, because nuxeo
seems using cookie to maintain session. And does nuxeo support CAS single
sign-out ? Or does nuxeo has some other solution to do this ?

Really appreciate if anyone give help on this.
Thank you very much !

--
Best Regards,
Jackie Ju

Thierry Delprat

2010-06-17 23:55:19 UTC

Permalink

Hi,

If I remember well, you can configure Nuxeo to logout from CAS when
you use the Nuxeo Logout
See the logoutUrl parameter in the CAS2Plugin
http://doc.nuxeo.org/5.3/books/nuxeo-book/html/auth-users-groups.html

If what you want is logout from Nuxeo when you logout from CAS server
directly, I don't know mechanism are provided by CAS server for that.
Since Nuxeo DM use HTTP Session and cookie, call to nuxeo logout url
has to be made from the client's browser ...

If you can explain how you would like it to work, may be we can help.

Tiry

Post by Jackie Ju
Hi,
My nuxeo was configured to autheticate by CAS proxy-ticket. The CAS single
sign-on works perfect.
Now we need to make nuxeo auto-logout when user logout from CAS. But I don't
know whether CAS single sign-out solution is the right way, because nuxeo
seems using cookie to maintain session. And does nuxeo support CAS single
sign-out ? Or does nuxeo has some other solution to do this ?
Really appreciate if anyone give help on this.
Thank you very much !
--
Best Regards,
Jackie Ju
_______________________________________________
ECM mailing list
http://lists.nuxeo.com/mailman/listinfo/ecm
To unsubscribe, go to http://lists.nuxeo.com/mailman/options/ecm

Jackie Ju

2010-06-18 00:23:34 UTC

Permalink

Hi Thierry,

Many thanks for your help !

We use CAS as single sign-on solution. Nuxeo is used by our main
application, and configured to be authenticated by cas proxy-ticket
After user login CAS and trying to use nuxeo, application will generate
proxy ticket and pass to nuxeo in url (e.g. http://hostname:port
/nuxeo/nxpath/default/default-***@user_dashboard
?proxyTicket=ST-4-OcZVEP90z7H2faT4E7LW-cas&proxyKey=true&service=
http://localhost:8280/nuxeo), then nuxeo know who is logging in, by the
nuxeo cas2 plug-in.
That's the way we use nuxeo.

But now the problem is, when user logout from our main application( actually
logout from CAS), nuxeo still can be access with this session, which is
leading security problem.

So what do think the best way to solve it ?

Thanks again.

Post by Thierry Delprat
Hi,
If I remember well, you can configure Nuxeo to logout from CAS when
you use the Nuxeo Logout
See the logoutUrl parameter in the CAS2Plugin
http://doc.nuxeo.org/5.3/books/nuxeo-book/html/auth-users-groups.html
If what you want is logout from Nuxeo when you logout from CAS server
directly, I don't know mechanism are provided by CAS server for that.
Since Nuxeo DM use HTTP Session and cookie, call to nuxeo logout url
has to be made from the client's browser ...
If you can explain how you would like it to work, may be we can help.
Tiry

Post by Jackie Ju
Hi,
My nuxeo was configured to autheticate by CAS proxy-ticket. The CAS

single

Post by Jackie Ju
sign-on works perfect.
Now we need to make nuxeo auto-logout when user logout from CAS. But I

don't

Post by Jackie Ju
know whether CAS single sign-out solution is the right way, because nuxeo
seems using cookie to maintain session. And does nuxeo support CAS single
sign-out ? Or does nuxeo has some other solution to do this ?
Really appreciate if anyone give help on this.
Thank you very much !
--
Best Regards,
Jackie Ju
_______________________________________________
ECM mailing list
http://lists.nuxeo.com/mailman/listinfo/ecm
To unsubscribe, go to http://lists.nuxeo.com/mailman/options/ecm

--
Best Regards,
Jackie Ju