forked from kcbanner/node-cas
Single Sign out
joshchan edited this page Aug 23, 2012 · 2 revisions
One of the newer features of CAS is its support for single sign-out.
Normally, when users log out from one site, they are directed to the CAS server, which ends their session and returns them to the site. With single sign-out, the CAS server takes the additional step of notifying all the other sites the users have logged on to, so those sites can end their sessions as well. Note that for this to work, the site must be contactable by the CAS server.
This module has built-in support for this under the Express framework.
    // Initialize CAS
    var CAS = require('cas');
    var cas = new CAS({
        base_url: 'https://my-cas-server.example.com/cas',
        version: 2.0,
        // An array of server IP addresses that you trust to make sign out requests.
        // Optional. But you really should specify this for good security.
        sso_servers: ['192.168.1.1', '192.168.1.2']
    });
Somewhere in your page startup routine, add a call to handleSingleSignout(). It must come before authenticate(). Here is an example:
    var singleSignout = function(req, res, next) {
        cas.handleSingleSignout(req, res, next, function(ticket) {
            // Handle single sign-out request.
            // Use the `ticket` to look up the user's stored session.
            // Then delete the session.
            // Execution will not proceed further if this was a single sign out request.
            // Otherwise, `next()` will automatically be called.
        });
    };
    var login = function(req, res, next) {
        cas.authenticate(req, res, function(err, status, username, extended) {
            // Handle login
            // Stop here if validation failed, so the private route is never reached.
            if (err || !status) {
                return next(err || new Error('CAS authentication failed'));
            }
            // Save the session with the CAS ticket
            var ticket = extended.ticket;
            // Keep track of the ticket together with the user's session.
            // This will let you find the session when given the ticket later.
            next(); // Continue to the route handler.
        });
    };
    app.get('/some/private/page', [singleSignout, login], function(req, res, next) {
        // User is now logged in.
        // Do whatever...
    });
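The two callbacks above leave the ticket-to-session bookkeeping to you. One way to implement it is sketched below as an added example; it is not part of node-cas. `TicketIndex`, `remember`, `prune` and `signOut` are hypothetical names, and the session store is assumed to expose `destroy(sid, callback)` as express-session stores do.

```javascript
// Added example: maps CAS service tickets to local session IDs.
// Assumption: `store` exposes destroy(sid, callback), as express-session stores do.
function TicketIndex(ttlMs) {
  this.ttlMs = ttlMs;          // should match the session lifetime
  this.byTicket = new Map();   // ticket -> { sid, expires }
}

// Call from the authenticate() callback, e.g. remember(extended.ticket, req.sessionID).
TicketIndex.prototype.remember = function (ticket, sid, now) {
  if (now === undefined) now = Date.now();
  this.prune(now);
  this.byTicket.set(ticket, { sid: sid, expires: now + this.ttlMs });
};

// Drop entries whose sessions have already expired, so the map cannot grow forever.
TicketIndex.prototype.prune = function (now) {
  for (const [ticket, entry] of this.byTicket) {
    if (entry.expires <= now) this.byTicket.delete(ticket);
  }
};

// Call from the handleSingleSignout() callback.
// done(err, destroyed): destroyed is true only if a session was actually removed.
TicketIndex.prototype.signOut = function (ticket, store, done) {
  const entry = this.byTicket.get(ticket);
  if (!entry) return done(null, false);  // unknown ticket: nothing to end
  this.byTicket.delete(ticket);          // forget it first so a repeated request is a no-op
  store.destroy(entry.sid, function (err) {
    done(err || null, !err);
  });
};
```

An in-memory map only works for a single process; with several workers the index has to live in the same shared store as the sessions.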