does CAS 5.2.0 SAML Logout support propagation of logout requests to other session participants?

[Elena]

Hello,

I read your SAML Docs and found link https://kantarainitiative.github.io/SAMLprofiles/fedinterop.html#_single_logout_2.

It define SAML Single Logout like this. 

4.3. Single Logout

[IIP-IDP17]

Identity Providers MUST.... It is OPTIONAL to support propagation of logout requests to other session participants.

I wonder that CAS provide OPTIONAL function (highlighted red color) of SAML Single logout.

Thanks.

[Man H]

cas.slo.disabled=false

see https://apereo.github.io/cas/5.2.x/installation/Logout-Single-Signout.html

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscribe@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/650fbf2f-3b98-4dd0-b439-92237f74e0e0%40apereo.org.

[Elena Hong]

Thanks to reply.

I try do it.

But It only sends logout message last service.

Add config

cas.slo.disabled=false

cas.slo.asynchronous=false

My Test Case.

- I have 3 Service Provider, A, B, C.

- I login A, B, C in order with SAML protocol.

I expect to result.

- when I logout at A then B and C receive logout message From CAS.

But actual result.

- when I logout at A, receive logout message only C (logged in last), B didn't.

So I debugged CAS 5.2.0, Service Ticket has info only last logged in service.

Is it bug or doesn't provide slo at SAML?

Thanks.

2018년 5월 12일 (토) 오전 2:59, Man H <info.i...@gmail.com>님이 작성:

cas.slo.disabled=false

see https://apereo.github.io/cas/5.2.x/installation/Logout-Single-Signout.html

2018-05-11 1:53 GMT-03:00 Elena <ahee...@gmail.com>:

Hello,

I read your SAML Docs and found link https://kantarainitiative.github.io/SAMLprofiles/fedinterop.html#_single_logout_2.

It define SAML Single Logout like this. 

4.3. Single Logout

[IIP-IDP17]

Identity Providers MUST.... It is OPTIONAL to support propagation of logout requests to other session participants.

I wonder that CAS provide OPTIONAL function (highlighted red color) of SAML Single logout.

Thanks.

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.

To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.

To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/650fbf2f-3b98-4dd0-b439-92237f74e0e0%40apereo.org.

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---

You received this message because you are subscribed to a topic in the Google Groups "CAS Community" group.
To unsubscribe from this topic, visit https://groups.google.com/a/apereo.org/d/topic/cas-user/olu1-70c53U/unsubscribe.
To unsubscribe from this group and all its topics, send an email to cas-user+u...@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAMY5micdND85FQTQA37b-pkecaKpVoQh-bpLmwwgANZcv1TguQ%40mail.gmail.com.

[Man H]

If you want slo for all services

cas.slo.disabled=true

cas.slo.disabled=false

see https://apereo.github.io/cas/5.2.x/installation/Logout-Single-Signout.html

To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscribe@apereo.org.

To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/650fbf2f-3b98-4dd0-b439-92237f74e0e0%40apereo.org.

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---

You received this message because you are subscribed to a topic in the Google Groups "CAS Community" group.
To unsubscribe from this topic, visit https://groups.google.com/a/apereo.org/d/topic/cas-user/olu1-70c53U/unsubscribe.

To unsubscribe from this group and all its topics, send an email to cas-user+unsubscribe@apereo.org.

To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAMY5micdND85FQTQA37b-pkecaKpVoQh-bpLmwwgANZcv1TguQ%40mail.gmail.com.

--

- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.

To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscribe@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAFPc70%3DnhBrrn7%2Baepxt7S4w4HX7gcQzrOVDShk--4KgoCrYUw%40mail.gmail.com.

[Constantine Music]

Are you solve this issue?

I have the same problem.

понедельник, 14 мая 2018 г., 11:19:46 UTC+3 пользователь Elena написал:

[Elena Hong]

hello.

Set onlyTrackMostRecentSession to false.

cas.ticket.tgt.onlyTrackMostRecentSession=false

It makes tgt can keep all session participants(other sp).

Logout after set this config, Cas propagate logout request to other SP via "CAS protocol".

When propagate logout request to other SP, CAS doesn't provide SLO via SAML protocol.. maybe..

(If I misunderstand, please notice to me.)

2018년 6월 4일 (월) 오후 9:58, Constantine Music <panic.ps...@gmail.com>님이 작성:

To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/0b27d44a-e990-457c-a809-bbd43d1e16f6%40apereo.org.