
Logout from external SSO (CAS)

Question asked by sorin_postelnicu on Jun 13, 2016
Latest reply on Sep 26, 2016 by sorin_postelnicu
Hello everyone!

In our custom Alfresco Share 4.2 application we are integrating with an external SSO Central Authentication System (CAS), and we have the following problem: whenever the user tries to log out from Share, they are redirected to the /share page, which is intercepted by the CAS filter, which then automatically logs them back in (since they never logged out from the CAS).

We are trying to intercept in JavaScript (in LogoutService.js) the XHR call to the "dologout" controller, so that after the dologout is performed, we can redirect the browser to the CAS logout page.

But this does not work, for the following reason: the SlingshotLogoutController is normally returning an HTTP 401 code; and then the serviceXhr function from Alfresco CoreXhr.js receives this 401 and redirects the browser to the /share page. (This is done because the serviceXhr function thinks that the user tried an AJAX call request while the session had expired, so they assumed that in this case the browser should be redirected to the Share homepage. But in the case of dologout we don't want the user to be redirected to /share, but instead we want to redirect the user to the CAS logout page.)

Is our only option just to modify the implementation of CoreXhr.serviceXhr() and check if the called URL was Alfresco.constants.URL_PAGECONTEXT + "dologout" to skip the redirection in that case?

Did any of you have to deal with integration with external SSO in the past?
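The check proposed in the question, sketched as a standalone function (an added example, not part of the original post and not Alfresco code). The host names, the CAS server prefix, the `/share/page/` value for `Alfresco.constants.URL_PAGECONTEXT` and the function name `redirectAfterXhr` are assumptions; the CAS `/logout` endpoint with a `service` parameter follows the CAS protocol. How the function would be called from `CoreXhr.serviceXhr()` is not shown.

```javascript
// Constructed placeholder values; replace with the deployment's own.
const SHARE_ORIGIN = "https://share.example.org"; // assumed Share origin
const URL_PAGECONTEXT = "/share/page/";           // assumed Alfresco.constants.URL_PAGECONTEXT
const CAS_BASE = "https://sso.example.org/cas";   // assumed CAS server prefix

// Decide where the browser goes after an XHR response.
// Returns null when the response is not a 401 and no redirect is needed.
function redirectAfterXhr(requestUrl, status) {
  const shareHome = SHARE_ORIGIN + "/share";
  if (status !== 401) {
    return null;
  }
  let target;
  try {
    // Resolve relative URLs against the Share origin and normalise the path.
    target = new URL(requestUrl, SHARE_ORIGIN);
  } catch (e) {
    return shareHome; // unparsable URL: keep the default 401 behaviour
  }
  // Exact origin and path match, so a query string, a look-alike path
  // or a foreign host cannot switch the redirect to the CAS branch.
  const isLogout =
    target.origin === SHARE_ORIGIN &&
    target.pathname === URL_PAGECONTEXT + "dologout";
  if (!isLogout) {
    return shareHome; // expired session on any other call
  }
  // The CAS target is built from fixed configuration only, never from
  // the request or the response, so it cannot become an open redirect.
  const cas = new URL(CAS_BASE + "/logout");
  cas.searchParams.set("service", shareHome);
  return cas.toString();
}
```
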
