
How to invalidate Siteminder session

We are using Siteminder for authentication, and we are using AngularJS, which is stateless.

How can I invalidate the Siteminder session? I have configured the following in Spring Security, but it is not working for me.

In HTML

   <li><a href="../../logout">Sign Out</a></li>

In Spring Security

  <logout delete-cookies="JSESSIONID,SMSESSION" invalidate-session="true" logout-url="/logout" logout-success-url="/Logout.html" />

In Logout.html we are providing a link to go to the login page again. On clicking this, it should go to the Siteminder login page. But it is loading our welcome page instead.

We are thinking of invalidating SMSESSION so that the app will redirect to Siteminder on clicking "Go To Login Page". Can someone assist me on this?

Update 1: I tried setting SMSESSION=LOGGEDOFF in both the request and response objects of the REST controller. But it is not working, as there is no session maintained for Angular, and setting them in the request/response just didn't help me.

First of all, an HTTP trace would help a lot in diagnosing this issue in practice.

Now for the theory: removing the SMSESSION cookie from the client is an effective way of logging off the user IF the Siteminder Session Store is not used and CookieProviders are not used. Otherwise, it leaves the session still active on the Siteminder side.

The proper, Siteminder-supported way to do it is as follows:

Your Siteminder administrator should be able to provide you with a URI that will trigger a proper Siteminder logout. This URI is configured in the parameter LogoffUri in the involved agent ACO.

When any user with an active Siteminder session reaches this URI, the Siteminder Web Agent and Policy Servers will:

  • invalidate the session data in the Siteminder Session Store, if it is configured (by default it is not)

  • if a CookieProvider is used, trigger the appropriate redirections to remove the cookies from all other cookie domains

  • add a "Set-Cookie: SMSESSION=LOGGEDOFF" header to the response (either a 302 if redirecting to the login page, or a 200 if the page is not protected). That will invalidate SMSESSION on the client side.

  • apply the defined Siteminder policy, if any (if the URI is protected, the authentication scheme will apply; otherwise, the underlying web server will process the page)

When the user does not have a valid SMSESSION (and "LOGGEDOFF" is not a valid SMSESSION), he is considered as actually logged off.

The official doc is here (not that it is of much help...): https://support.ca.com/cadocs/0/CA%20SiteMinder%2012%2052%20SP1-ENU/Bookshelf_Files/HTML/idocs/index.htm?toc.htm?agent-guide.html
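As an added example (not part of the answer, and not SiteMinder's or Spring's own code), the following Python replays a logout response against a client cookie jar and applies the rules given above: a missing SMSESSION or SMSESSION=LOGGEDOFF counts as logged off on the client side, while Session Store state is not observable from a trace. The host names, cookie values and both HTTP responses are constructed.

```python
# Added example (not from the answer): replay a logout response against the client's
# cookies and decide whether the SiteMinder Web Agent will treat the user as logged off.
LOGGED_OFF = "LOGGEDOFF"   # sentinel SiteMinder writes into SMSESSION on logoff
SM_COOKIE = "SMSESSION"

def parse_response(raw: str):
    """Return (status_code, [Set-Cookie values]) from a raw HTTP response."""
    head = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    status = int(head[0].split()[1])
    set_cookies = [line.split(":", 1)[1].strip()
                   for line in head[1:] if line.lower().startswith("set-cookie:")]
    return status, set_cookies

def apply_set_cookie(jar: dict, header: str) -> None:
    """Apply one Set-Cookie header to a {name: value} jar as a browser would:
    Max-Age=0 or an Expires in 1970 deletes the cookie. Domain/Path scoping is
    ignored, so this models a single cookie domain (no CookieProvider)."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {k.lower(): v for k, _, v in (p.partition("=") for p in parts[1:])}
    if attrs.get("max-age") == "0" or "1970" in attrs.get("expires", ""):
        jar.pop(name, None)
    else:
        jar[name] = value

def client_logged_off(jar: dict) -> bool:
    """No SMSESSION, or SMSESSION=LOGGEDOFF, means no valid session at the agent."""
    return jar.get(SM_COOKIE, LOGGED_OFF) == LOGGED_OFF

def check_logout_trace(jar_before: dict, raw_response: str) -> dict:
    """Verdict for one logout response. Only client state is observable here; a
    Session Store entry (if a store is used) cannot be checked from the trace."""
    jar = dict(jar_before)
    status, set_cookies = parse_response(raw_response)
    for h in set_cookies:
        apply_set_cookie(jar, h)
    sm_touched = any(h.partition("=")[0].strip() == SM_COOKIE for h in set_cookies)
    return {"status": status, "sm_set_cookie_seen": sm_touched,
            "client_logged_off": client_logged_off(jar), "cookies_after": jar}

# Constructed traces, not captured from a real deployment.
JAR = {"JSESSIONID": "A1B2C3", SM_COOKIE: "opaqueAgentBlob=="}
# What the agent's LogoffUri returns: redirect to the login page plus the LOGGEDOFF cookie.
LOGOFF_URI_RESPONSE = ("HTTP/1.1 302 Found\r\nLocation: https://sso.example.test/login.fcc\r\n"
                       "Set-Cookie: SMSESSION=LOGGEDOFF; Domain=.example.test; Path=/\r\n\r\n")
# An application-only logout that deletes JSESSIONID but never touches SMSESSION.
APP_ONLY_RESPONSE = ("HTTP/1.1 302 Found\r\nLocation: /Logout.html\r\n"
                     "Set-Cookie: JSESSIONID=; Path=/app; Max-Age=0\r\n\r\n")
```

Running `check_logout_trace(JAR, APP_ONLY_RESPONSE)` reports `client_logged_off` as False because the Web Agent's SMSESSION survives untouched, which is the symptom described in the question.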
