...
How
...
do
...
I
...
logout
...
in
...
Sakai
...
so
...
that
...
DistAuth
...
cookies
...
are
...
deleted?
...
During
...
normal
...
logout
...
in
...
Sakai,
...
only
...
the
...
Sakai session information is cleared.
...
To
...
ensure
...
that
...
the
...
DistAuth
...
cookies
...
are
...
deleted also,
...
one
...
must
...
modify
...
the
...
LoginTool.java
...
file
...
in
...
the
...
sakai-2-0-1-src\login\login\src\java\org\sakaiproject\tool\login
...
directory.
...
An
...
additional
...
parameter
...
can
...
be
...
added
...
to
...
the
...
sakai.properties
...
file
...
so
...
that
...
the
...
logout
...
url
...
is
...
correctly
...
referenced.
...
Steps
...
involved, for Sakai 2.1.x
1. Apply the BasicConfigurationService patch that Jon G made, located at: https://mware.ucdavis.edu/svn/ucdsakai/branches/archive/sakai-2-1-x/legacy.diff
to the root of sakai-src, so that the logout functionality will clear the cookies.
**Here are the contents of that patch
Code Block |
---|
Index: legacy/component/src/java/org/sakaiproject/component/framework/config/BasicConfigurationService.java =================================================================== --- legacy/component/src/java/org/sakaiproject/component/framework/config/BasicConfigurationService.java (revision 12171) +++ legacy/component/src/java/org/sakaiproject/component/framework/config/BasicConfigurationService.java (working copy) @@ -28,6 +28,7 @@ import java.io.File; import java.io.FileInputStream; import java.io.InputStream; +import java.text.MessageFormat; import java.util.HashMap; import java.util.List; import java.util.Map; @@ -330,6 +331,9 @@ String rv = (String) m_properties.get("loggedOutUrl"); if (rv != null) { + session.removeAttribute(Tool.HELPER_MESSAGE); session.removeAttribute(Tool.HELPER_DONE_URL); session.removeAttribute(ATTR_MSG); session.removeAttribute(ATTR_RETURN_URL); session.removeAttribute(ATTR_CONTAINER_CHECKED); } // Format the server URL into the string at location 0 + rv = MessageFormat.format(rv, new Object[]{getServerUrl()}); + // redirectif tonot thea donefull URL, //only send useradd the server to secureweb on /logout path, not /xlogin or /login if (reply.equals("logout")) { String LogOutURL = ServerConfigurationService.getString("secureweb.logoutURL", ""); res.sendRedirect(LogOutURL + res.encodeRedirectURL(returnUrl)); } else { res.sendRedirect(res.encodeRedirectURL(returnUrl)); } } <code> #2. Add the following secureweb logout url value to the Tomcat/sakai/sakai.properties file: secureweb.logoutURLthe front if (rv.startsWith("/")) { |
2. Have a value in your sakai.properties of:
Code Block |
---|
loggedOutUrl=https://secureweb.ucdavis.edu/form-auth/logout?{0}/portal |
This
...
logout
...
url
...
will
...
direct
...
Sakai
...
to
...
secureweb
...
to
...
logout
...
the
...
cookies
...
properly,
...
and
...
redirect
...
the
...
user
...
to
...
the
...
intended
...
url.