Logout workflow with Delegated Auth


Julien Gribonvald

Jul 4, 2019, 7:16:17 AM
to CAS Community
Hi,

I can't find in the documentation how logout should work with delegated
authentication (from the pac4j module, for example).

I'm looking at the workflow when the global logout is initiated from
CAS (or from a service to CAS). Is there a way to propagate it to
the IDP which the user connected to? I can't get this working with a SAML
IDP, even though the metadata provides the SLOLogout URL information.

Also, does it work when the logout request comes from the SAML IDP?

How should this work, and what are the requirements? I'm using the CAS V6
master branch.

Thanks,

--
Julien Gribonvald

Julien Gribonvald

Jul 4, 2019, 8:29:47 AM
to CAS Community
To add some information to my previous message:
- from CAS I have this log:
DEBUG [org.apereo.cas.web.flow.DelegatedAuthenticationSAML2ClientLogoutAction] - <The current client is not a SAML2 client or it cannot be found at all, no logout action will be executed.>

After debugging into the code: to find whether a client is a SAML2Client, a profile should be provisioned, but that's not the case, so it returns a null client each time.

What is missing here? Should a profile be provisioned, and how in this case? Or is there a problem with a wrong check?

I could fix that, but let me know what the good way to do it is.
Thanks

Julien Gribonvald

Jul 12, 2019, 11:37:51 AM
to CAS Community
After more debugging on this problem, it seems that the session can't be retrieved even though all elements were saved in the session store. The requestContext doesn't contain any session during the logout process (even if the action is called before the terminateSessionState), and so only a new session is available. But cookies are again available!
Where is the problem? The webflow can't provide a session; is there some configuration needed?

Thanks

zl anson

Aug 2, 2019, 10:51:26 PM
to CAS Community

I have the same issue: CAS delegated to another IdP using pac4j. Login is fine, but on logout the Userprofile's information is gone, there is no nameid, so the IDP returns an error and SLO cannot be accomplished.
On Thursday, July 4, 2019 at 7:16:17 PM UTC+8, Julien Gribonvald wrote: