CAS 4.2.7 back-channel logout POST requests not sent to all logged-on services(?)

[Gang Yang]

Hi,

I've just upgraded our CAS server from 3.3.1 to 4.2.7. When testing with Single Logout, I found that CAS 4.2.7 no longer send the back-channel logout POST request to all logged-on webapps any more. From the CAS 4.2 document, I thought sending bach-chennel logout to all webapps is the default behavior. Is it not?

I used the CAS war template to build my 4.2.7 CAS server war with only two added dependencies, cas-server-support-basic and cas-server-support-saml. Did I miss anything for the default single logout behavior? Do I need to do any further configuration? I did not for earlier version of CAS 3.3.1.

Appreciate any help and pointers.

Gang

[Gang Yang]

Just to update with more findings. This not sending back-channel logout to all services behavior only happens with Basic Authentication. When I restored the configuration to use form authentication, CAS server did send back-channel logout to all services. If any one has any inside on this, please help. I did struggle with configuring CAS server to use Basic Authentication earlier. I ended up adding the cas-server-support-basic.jar, created a simple JSP to do the Basic Authn challenge and simply substituted the "casLoginView" with this new JSP w/o changing anything else. Not sure if this is a complete configuration for Basic Authentication - there's virtually no doc on this.

Gang