How to invalidate user in CAS server

Question

I implement CAS server 4.0 for SSO. I have 3 apps (Spring web MVC with Spring CAS security) connect to CAS server. I configure CAS server to manage ticket by JPA and check authentication in CAS by username. Currently I'm creating forgot-password function for my apps, my issue now is how to invalidate user cookie/session on CAS server (or logout them) after password has been reset (noted that they can log in by a user and execute forgot password for another user). Can we do it with CAS? Any help will be great appreciate. Thank you guys.

Answer 1

I have cas 3.1 implemented and here is what I do:

Controller Method

@RequestMapping(value = "/onCompletePasswordReset.html", method = RequestMethod.GET)
public String completeResetLicense() {
    return "redirect:j_spring_security_logout";
}

Spring Security

<http auto-config='true' entry-point-ref="casEntryPoint">
        <intercept-url pattern="/**" access="ROLE_ADMINISTRATORS" />
        <custom-filter position="CAS_FILTER" ref="casFilter" />
        <logout logout-success-url="/j_spring_cas_security_logout" />
        <custom-filter ref="requestSingleLogoutFilter" before="LOGOUT_FILTER" />
        <custom-filter ref="singleLogoutFilter" before="CAS_FILTER" />
    </http>
    <beans:bean id="singleLogoutFilter"
        class="org.jasig.cas.client.session.SingleSignOutFilter" />
    <beans:bean id="requestSingleLogoutFilter"
        class="org.springframework.security.web.authentication.logout.LogoutFilter">
        <beans:constructor-arg value="https://cas_server:8443/cas/logout" />
        <beans:constructor-arg>
            <beans:bean
                class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler" />
        </beans:constructor-arg>
        <beans:property name="filterProcessesUrl" value="/j_spring_cas_security_logout" />
    </beans:bean>