Logout requests not handled after Duo auth

[Ted Fisher]

 

We have CAS 4.1.5 with cas-mfa for duo auth.   If a user accesses a service that uses duo it creates a TGT that stays the same when the same user accesses other services whether they use Duo.  When logout occurs all the services get sent a logout request as expected.

But, if the user first accesses one or more services that do not use Duo, they use a TGT.  Then if they access a service using Duo it generates a new TGT that is used for all services after that point.  When logout occurs only the services associated with the later TGT get sent a logout request.  The services that were associated with the first TGT do not get sent a logout request.  It makes sense somewhat, but we’d like to have all services accessed by the user get the logout requests. 

 

Is there a way to have the original servers be associated with the new TGT? 

Have others dealt with this, and how?

 

Thanks.

 

Ted Fisher

Bowling Green State University

 

[Man H]

Ted 

We have a menu application which is the every first application to start before any other.

Is it possible for you to create something alike that could use duo?

Regards 

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscribe@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CY4PR05MB293333DC4FD71179EB319B31C0100%40CY4PR05MB2933.namprd05.prod.outlook.com.