Adding Request Param to CAS login and logout.

[Mr Rao]

Hi, Currently I've implemented delegated authentication using CAS 5.2.3 with other apps for external IDP logins, i.e ADFS, OKTA etc..  When the user click on  app which is integrated with CAS SSO ,they pass a param called idp=adfs

and when the user logout from app1 it will go to logout to re-login again in that case I want to add the idp param back to login url. Basically when user re-login I want to delegate to ADFS login. 

For example 

1) User click on  https://localhost:8443/app1?idp=adfs

2) It will redirect to https://localhost:8443/cas/login?idp=adfs

3) CAS will delegate authentication to ADFS and  successfully login to  https://localhost:8443/app1

4) User click logout link on app  https://localhost:8443/app1   which will redirect to https://localhost:8443/cas/logout.

After this on logout page user can link login again link  in that case it will redirect to https://localhost:8443/cas/login  but I want to add idp=adfs param back which came originally from initial request so that it can delegate to ADFS if user doesn't close browser and re-login.  I can change each app to use https://localhost:8443/cas/logout?idp=adfs and take that param and send it to https://localhost:8443/login?idp=adfs.

But there are many apps I need to change, is there any easy way to achieve this on CAS side ? Or whats the best practice to handle app specific logout. this is not a global logout from IDP just logged out of CAS and other SSO apps but the user is still active on IDP side.

Thanks

Rao.