SingleLogout from external Idp - CAS 5.2


azki

Jan 6, 2018, 2:03:03 PM
to CAS Community
While implementing Apereo CAS I've faced the following problem: I want to implement Single Logout which will log me out of all related applications, including an external identity provider. In the case when customers are authenticated directly through internal CAS mechanisms, CAS single logout proceeds correctly, using the appropriate configuration of service registers. However, as I mentioned earlier, I would like to know how to log out from an external identity provider. Namely, I have Service1; authentication to it takes place using the delegated authentication mechanism with okta.com as the identity provider. At the moment when I log out of the application I would also like to be logged out of Okta, as well as its other clients. Further, when I log out directly from Okta or one of Okta's clients, I should be logged out of all my applications on the CAS side.

In the context of the application configuration on the Okta side, what should SingleLogoutURL look like? I also have no idea what the setup should look like on the CAS side. Is it possible to do so by the appropriate configuration of the service registers? And most importantly: is it possible to solve my problem at all by means of appropriate CAS service configuration? In the official documentation there is much information on subjects like delegated authentication and single logout on the CAS side, but I cannot find anything about my problem.
I will be very grateful for any tips. Thank you in advance for your interest and help.

Man H

Jan 6, 2018, 5:29:03 PM
to cas-...@apereo.org
Hi

I would say this is more an Okta issue. I don't know much about it, but I suggest you look for a URL in Okta that would do your requested logout and redirect CAS to that URL.

Regards
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscribe@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/7926d98a-78e7-4ecc-ac48-fa41820e24ed%40apereo.org.

azki

Jan 7, 2018, 3:00:28 PM
to CAS Community
What do you mean by redirecting CAS to this address? Do you mean to specify a "logoutUrl" parameter in the services register? I tried this entry: "logoutUrl" : https://dev-540472.oktapreview.com/app/kidev540472_oktaidpend_1/exkd5ymrh7ZmIRjiH0h7/slo/saml but to no avail.
What should the entry "Single Logout URL" look like on Okta's side?

Man H

Jan 7, 2018, 6:29:54 PM
to cas-...@apereo.org
You can specify a logout URL with CAS customization.