Created TGTs on the CAS server get stuck. Looking for a way to log out using Postman/Python requests.
I'm about to send an authentication request to our NMS server, which has SSO and CAS (for REST queries). The first step is to send a POST request to https://x.x.x.x:443/cas/v1/tickets with username and password and grant_type=client_credentials in the body.
Then the server will provide a TGT URL to proceed with the next step (Service Ticket generation).
The problem is that after receiving the TGT, the server's TGT pool is used up, and one fewer user can use the web UI of the server every time I generate a new TGT, to the point where after generating 3-4 TGTs no user can log in and we need to restart Tomcat to reset the TGT pool.
How can I properly send a logout request for the TGT that I've created to free the pool (using Postman)? My next step will be creating the request using Python instead of Postman. My request's result:
```html
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html>
<head>
<title>201 Created</title>
</head>
<body>
<h1>TGT Created</h1>
<form
action="https://x.x.x.x/cas/v1/tickets/TGT-269-XONFj15axxxxxxxxxxxxxxxI32bYERsZr9hjCIMY2b-nsdnrcp"
method="POST">Service:<input type="text" name="service" value=""><br><input type="submit" value="Submit"></form>
</body>
</html>
```
Below is the code I use for logout, but it doesn't free up the TGT resources on the server:
```python
import requests


def deAuth(casIP, appIP):
    # Application and CAS logout endpoints, tried one after another.
    deAuthenticate_URL = f'https://{appIP}:8443/data/deauthenticate'
    commonLogout_URL = f'https://{appIP}:8443/data/common/logout'
    sessionLogout_URL = f'https://{casIP}:443/session-manager/logout'
    casLogout_URL = f'https://{casIP}:443/logout'
    # f-string so that appIP is actually interpolated into the service URL.
    param = {'service': f'https://{appIP}:8443/pages/main'}
    # verify=False disables TLS certificate validation for these calls.
    deAuthenticate_r = requests.post(deAuthenticate_URL, params=param, verify=False)
    if deAuthenticate_r.status_code != 200:
        print('deAuthenticate failed!')
    commonLogout_r = requests.get(commonLogout_URL, params=param, verify=False)
    if commonLogout_r.status_code != 200:
        print('commonLogout failed!')
    sessionLogout_r = requests.get(sessionLogout_URL, params=param, verify=False)
    if sessionLogout_r.status_code != 200:
        print('sessionLogout failed!')
    casLogout_r = requests.get(casLogout_URL, params=param, verify=False)
    if casLogout_r.status_code != 200:
        print('casLogout failed!')
    print('Logout attempt is completed!')
```
All the requests in the above code result in 200, but the TGT is still valid. Do I need to include the TGT in my logout request as well?
The expected result is to invalidate the TGT so other users can log in to the web UI of the server.
```http
DELETE /cas/v1/tickets/TGT-fdsjfsdfjkalfewrihfdhfaie HTTP/1.0
```
The above request is the solution, as mentioned by leopal.
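
The whole ticket lifecycle built around the DELETE request above, as an added example that is not part of the original post: a context manager creates the TGT, hands out its URL, and always deletes it on exit, so a failed script cannot leave tickets behind in the pool. The function names, the `session` parameter (a `requests.Session`-like object), the hostnames and the CA path are assumptions; the form fields are the ones described in the question.

```python
import re
import sys
from contextlib import contextmanager

# Fallback when the TGT URL is only present in the 201 body's <form action="...">.
_TGT_ACTION = re.compile(r'action="([^"]+/cas/v1/tickets/TGT-[^"]+)"')


def extract_tgt_url(resp):
    """Return the TGT resource URL from a 201 response (Location header, else form action)."""
    location = resp.headers.get("Location")
    if location:
        return location
    match = _TGT_ACTION.search(resp.text)
    if match is None:
        raise ValueError("no TGT URL in CAS response")
    return match.group(1)


@contextmanager
def cas_tgt(session, cas_base, username, password):
    """Create a TGT and always DELETE it on exit, even if the body raises."""
    # Body fields as described in the question.
    form = {"username": username, "password": password,
            "grant_type": "client_credentials"}
    resp = session.post(f"{cas_base}/cas/v1/tickets", data=form, timeout=10)
    if resp.status_code != 201:
        raise RuntimeError(f"TGT request failed: HTTP {resp.status_code}")
    tgt_url = extract_tgt_url(resp)
    try:
        yield tgt_url
    finally:
        # DELETE /cas/v1/tickets/TGT-... is the logout that destroys the ticket.
        gone = session.delete(tgt_url, timeout=10)
        if gone.status_code != 200:
            # The TGT is a bearer credential, so report the status without echoing it.
            print(f"TGT delete returned HTTP {gone.status_code}", file=sys.stderr)


def get_service_ticket(session, tgt_url, service):
    """POST the service URL to the TGT resource; the ST comes back as plain text."""
    resp = session.post(tgt_url, data={"service": service}, timeout=10)
    resp.raise_for_status()
    return resp.text.strip()


# Usage (hostnames and CA path are placeholders):
#   s = requests.Session(); s.verify = "/path/to/ca.pem"
#   with cas_tgt(s, "https://cas.example.internal", user, pw) as tgt:
#       st = get_service_ticket(s, tgt, "https://app.example.internal/pages/main")
```

In Postman the equivalent is a DELETE request sent to the same TGT URL that the 201 response returned.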