CAS单次注销票无效

Question

I triggered CAS Single Sign Out event by visit https://xx/cas-server/logout?service=myservice , and CAS POST a request to myservice ( http://test.ogg:8080/cas ) with the body：

<samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="LR-329-TxwPlscwOydLQH0JD0R2AKmOr4ew5FdiKN2" Version="2.0" IssueInstant="2016-07-15T08:21:38Z"><saml:NameID xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">@NOT_USED@</saml:NameID><samlp:SessionIndex>ST-329-lNWcDWJIW0Ve7ij9gsNG-cas</samlp:SessionIndex></samlp:LogoutRequest>

I have customised logout logic, so used the ticket in <samlp:SessionIndex>ST-329-lNWcDWJIW0Ve7ij9gsNG-cas</samlp:SessionIndex> to call https://xx/cas-server/validateService？service=myservice&ticket=ST-329-lNWcDWJIW0Ve7ij9gsNG-cas , but CAS report ticket invalid：

<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'> <cas:authenticationFailure code='INVALID_TICKET'> Ticket &#039;ST-329-lNWcDWJIW0Ve7ij9gsNG-cas&#039; not recognized </cas:authenticationFailure>

Here is the log from CAS server:

2016-07-15 08:21:38,334 DEBUG [org.jasig.cas.logout.SamlCompliantLogoutMessageCreator.create(SamlCompliantLogoutMessageCreator.java:53)] - Generated logout message: [<samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="LR-328-qwK2GgGVhRlRtu9QtebIoXIo30iwd4dWWwu" Version="2.0" IssueInstant="2016-07-15T08:21:38Z"><saml:NameID xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">@NOT_USED@</saml:NameID><samlp:SessionIndex>ST-329-lNWcDWJIW0Ve7ij9gsNG-cas</samlp:SessionIndex></samlp:LogoutRequest>]

2016-07-15 08:21:38,334 DEBUG [org.jasig.cas.logout.LogoutManagerImpl.performBackChannelLogout(LogoutManagerImpl.java:143)] - Sending logout request for: [http://test.ogg:8080/cas]

2016-07-15 08:21:38,334 DEBUG [org.jasig.cas.util.SimpleHttpClient$MessageSender.call(SimpleHttpClient.java:297)] - Attempting to access http://test.ogg:8080/cas

2016-07-15 08:21:38,371 DEBUG [org.jasig.cas.web.support.AbstractArgumentExtractor.extractService(AbstractArgumentExtractor.java:45)] - Extractor generated service for: http://test.ogg:8080/cas

2016-07-15 08:21:38,372 DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry.getTicket(DefaultTicketRegistry.java:80)] - Attempting to retrieve ticket [ST-329-lNWcDWJIW0Ve7ij9gsNG-cas]

2016-07-15 08:21:38,372 INFO [org.jasig.cas.CentralAuthenticationServiceImpl.validateServiceTicket(CentralAuthenticationServiceImpl.java:413)] - ServiceTicket [ST-329-lNWcDWJIW0Ve7ij9gsNG-cas] does not exist.

It seems the ticket was expired in 1 second?

Answer 1

When you have logged out, you have logged out. There is nothing further for you to do. Everything is gone. You can't validate something that is destroyed.