How to skip Azure AD logout which conflicting with CAS client Front_Channel logout in CAS V6

47 views

Skip to first unread message

Robert Li

unread,

Apr 17, 2020, 3:57:06 AM4/17/20

to CAS Community

Hello, I encounter SLO issue with Azure AD as IDP with CAS 6.1.4.

I have a few CAS client applications which must use front channel logout to support SLO. In my testing, if login through the default CAS id/pwd UI, SLO worked as as expected. However, if I use delegated Azure AD as IDP, the logout will just performed the Azure AD logout. In the debug, the frontLogout step in the logout flow was executed. However, the rendered content was not sent back to the browser. I guess it was overwritten by the Azure logout step which is useign the setting of azure.logoutUrl.

I tried to removed below setting, but it had no effect (which I could see now the code just reconstruct it anyway)

cas.authn.pac4j.oidc[0].azure.logoutUrl=https://login.microsoftonline.com/39469cf7-e1da-410f-be47-95ee748cdb9c/oauth2/v2.0/logout

In our business case, it is actually not desirable to perform the Azure Logout, due to applications SSOed with CAS are viewed as different suit to Office 365 suit. So after sign-out from CAS, we expected to see Office 365 still logged-in.

Are there any setting that allows me to skip the azure.logoutUrl and performed the front_channel logout instead? I am using CAS 6.1.4 at this point, but I can use any CAS 6 version if necessary.

Appreciated your attention.

Jérôme LELEU

unread,

Apr 17, 2020, 10:33:18 AM4/17/20

to cas-...@apereo.org

Hi,

I guess this logout call is triggered by the DelegatedAuthenticationClientLogoutAction. I don't think you can disable that without the appropriate customisation.

Thanks.

Best regards,

Jérôme

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/a236bd91-7ca0-4676-8d0f-170d95621950%40apereo.org.

Reply all

Reply to author

Forward

0 new messages