Versions Compared

Old Version 3

changes.mady.by.user Scott Amerson

Saved on

compared with

New Version Current

changes.mady.by.user Corey Owens

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Migrated to Confluence 5.3

How do I logout in Sakai so that DistAuth cookies are deleted?

During normal logout in Sakai, only the Sakai session information is cleared. To ensure that the DistAuth cookies are deleted also, one must modify the LoginTool.java file in the sakai-2-0-1-src\login\login\src\java\org\sakaiproject\tool\login directory. An additional parameter can be added to the sakai.properties file so that the logout url is correctly referenced.

Steps involved, for Sakai 2.

...

1.x

#11. modify the complete() method to be the following:

Code Block

protected void complete(String returnUrl, Session session, Tool tool, HttpServletResponse res, String reply) throws IOException
	{
		//added info by Scott Amerson to include logout url for secureweb
				
		
		// cleanup session
		if (session != null)
		{
			session.removeAttribute(Tool.HELPER_MESSAGE);
			session.removeAttribute(Tool.HELPER_DONE_URL);
			session.removeAttribute(ATTR_MSG);
			session.removeAttribute(ATTR_RETURN_URL);
			session.removeAttribute(ATTR_CONTAINER_CHECKED);
		}

		// redirect to the done URL
		//only send user to secureweb on /logout path, not /xlogin or /login
                if (reply.equals("logout"))
		{
		String LogOutURL = ServerConfigurationService.getString("secureweb.logoutURL", "");
		res.sendRedirect(LogOutURL + res.encodeRedirectURL(returnUrl));	
		}
		else
		{	
		res.sendRedirect(res.encodeRedirectURL(returnUrl));
		}
	}

#2. Add the following secureweb logout url value to the Tomcat/sakai/sakai.properties file:

secureweb.logoutURLApply the BasicConfigurationService patch that Jon G made, located at: https://mware.ucdavis.edu/svn/ucdsakai/branches/archive/sakai-2-1-x/legacy.diff
to the root of sakai-src, so that the logout functionality will clear the cookies.

**Here are the contents of that patch

Code Block

Index: legacy/component/src/java/org/sakaiproject/component/framework/config/BasicConfigurationService.java
===================================================================
--- legacy/component/src/java/org/sakaiproject/component/framework/config/BasicConfigurationService.java	(revision 12171)
+++ legacy/component/src/java/org/sakaiproject/component/framework/config/BasicConfigurationService.java	(working copy)
@@ -28,6 +28,7 @@
 import java.io.File;
 import java.io.FileInputStream;
 import java.io.InputStream;
+import java.text.MessageFormat;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
@@ -330,6 +331,9 @@
 		String rv = (String) m_properties.get("loggedOutUrl");
 		if (rv != null)
 		{
+			// Format the server URL into the string at location 0
+			rv = MessageFormat.format(rv, new Object[]{getServerUrl()});
+			
 			// if not a full URL, add the server to the front
 			if (rv.startsWith("/"))
 			{

2. Have a value in your sakai.properties of:

Code Block

loggedOutUrl=https://secureweb.ucdavis.edu/form-auth/logout?{0}/portal

This logout url will direct Sakai to secureweb to logout the cookies properly, and redirect the user to the intended url.