Logout using delegated authentication to another CAS server

Diego Henrique Pagani

unread,

May 17, 2018, 2:17:26 PM5/17/18

to CAS Community

Hi guys,

I have the structure: [Oauth2 application] -> [cas5] -> [cas3].

The CAS5 server is configured to delegate authentication, using CAS30 protocol (pac4j) to cas3 and it's working fine. The problem that I'm trying to solve is when the user asks for logout. I need that the user ends its session com Oauth2Application, CAS5 and CAS3.

The following steps shows the problem:

1 - User is logged in Oauth2 application,CAS5 and CAS3.

2 - User logout the oauth2app

3 - Oauth2app redirects the user to CAS5 logout

4 - CAS5 logouts the user and redirects to oauth2app(following service URL)

5 - Oauth2 app(the user is not logged anymore) redirects to CAS5 to login again

6 - CAS5 redirects the user to CAS3

7 - CAS3 still has a valid SSO session to user, that is, redirect to CAS5 authenticated

8 - CAS5 creates the tickets and redirects to oauth2applicaton

9 - User is logged in

For the user, he/she is asking for logout, wait some time, and it's logged again and that is a problem.

How can I configure CAS5, when the user is logging out, to tell CAS3 to end its session or redirects to CAS 3 to logout, and get back to the login screen?

Misagh Moayyed

unread,

May 17, 2018, 2:59:08 PM5/17/18

to cas-...@apereo.org

How can I configure CAS5, when the user is logging out, to tell CAS3 to end its session or redirects to CAS 3 to logout, and get back to the login screen?

https://cas5/cas/logout?service=https://cas3/cas/logout?service=wherever-you-need-to-go

with the proper encoding of the parameters.

Diego Henrique Pagani

unread,

May 17, 2018, 4:20:48 PM5/17/18

to cas-...@apereo.org

But I need to change the url of the logout on oauth2app. Is there someway to do it on cas5 configuration ?

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/288880377.835674.1526583545685.JavaMail.zimbra%40unicon.net.

--

Diego Henrique Pagani

unread,

May 17, 2018, 4:32:32 PM5/17/18

to cas-...@apereo.org

Aaah, and I also have to configure a service on CAS5, allowing CAS3 to redirect.