Logout Redirect Issue

[Smith, Daniel]

I am working on upgrading our CAS instance from 6.1 to 6.5. I have been able to get everything working as expected except the logout redirect.

I am using the parameter:

cas.logout.follow-service-redirects=true

I have tried using the parameter for a redirect and setting the global redirect.

If you enter the logout url directly in the browser, it correctly sends back a 302 and the browser is redirected.

If we have an app that sends the browser to the cas logout url, cas sends back a 200 response with a blank screen.

Anyone have any ideas?

Thanks,

Dan

[Dan S]

I have some more information after testing yesterday.

I thought it was specific to the logout sent from my app but it's not. If I go to cas/login I can see all my information. If I use the logout link there with no redirect, it logs out of cas. I

If I enter cas/logout with a service redirect url in the browser, it goes to a blank screen. If I press enter on the url again while on the blank screen - it works. The only difference I can see in debug is that it recognizes that there is no cas session to terminate and it continues on to the service redirect. The debug for the first entry appears to work correctly -- the only part that seems to be missing is the last line that indicates it redirected to the external url.

If I use the cas.logout.redirect-url= parameter, the logout link on the page doesn't work. It just goes to the blank page. I can tell that cas has been logged out. It definitely doesn't continue to the redirect url or correctly show the cas logout page.

I am using a delegated login. In testing today, I am planning to enable to regular login and see if logout works with that.

Dan

[Smith, Daniel]

Filipe,

In my scenario it had to do with a warning that started appearing in 6.3. The idp metadata I had did not provide an entry for SingleLogoutService using POST. After enabling debug, I could see this warning appearing when I logged out.

I am using Google which doesn't support this -- so I ended up putting a junk url in it that we control. After doing that, it didn't show the error anymore and the logout redirection worked.

Daniel Smith

Database Administrator

dsm...@jeffco.edu

(636) 481-3193

TDD (636) 789-5772

Mailing Address:

1000 Viking Drive, Hillsboro MO 63050

Thanks for supporting Jefferson College’s mission to deliver quality learning opportunities that empower individuals to achieve their goals.

On Wed, Jun 29, 2022 at 5:48 AM Filipe Ribeiro <frib...@keep.pt> wrote:

Hi Dan,

I'm having the same problem. Did you discovered anything more regarding this?

Best Regards,

Filipe

[Filipe Ribeiro]

Hi Dan,

I'm having the same problem. Did you discovered anything more regarding this?

Best Regards,

Filipe

A quarta-feira, 15 de junho de 2022 à(s) 15:20:52 UTC+1, Dan S escreveu:

[Łukasz Woźniak]

Hello,

We are using 6.3 version and we've got the same problem. We have configuration single delegate authentication with flag exclusive on true, and after go to logout?service=https://.... CAS didn't logout from Office365. And it redirect to the Office365 there is a session, so it's back to the service.

 "accessStrategy": {
    "@class": "org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy",
    "delegatedAuthenticationPolicy": {
      "@class": "org.apereo.cas.services.DefaultRegisteredServiceDelegatedAuthenticationPolicy",
      "allowedProviders": [ "java.util.ArrayList", [          "Office365"        ]   ],
      "exclusive": true
    }
  },

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAD_9FojqOopswAKqhfkU8Z3ix9_Xum3idJNgB%3D6R%2B00pZqVwLQ%40mail.gmail.com.