Support for logout at remote authentication providers?
24 views
Skip to first unread message
Mark Wood
Oct 20, 2016, 2:15:22 PM10/20/16
to omniauth
I'm rather new to omniauth. I'm working on an existing application that uses omniauth-cas and devise. I've been asked to provide a control that will not only log out of the current application, but invalidate the CAS ticket-granting ticket, so that any new attempt to access CAS-authenticated services results in a new login prompt.
Since omniauth-cas defines an option 'logout_url', I naturally thought there must be some way to get the plugin to do the logout. Eventually I just grepped through the omniauth-cas code and discovered that this string appears exactly twice: once to define the option, and once in the README. Am I missing something, or is this option really not used at all?
(What I was hoping to find: that omniauth defines a generic "remote logout" path which invokes strategies supporting it to do whatever they must do to ensure that the current single-signon session will not be subsequently usable to create a new local session at any service. This would obviate the code needing to figure out which strategy the current user employed and what to do about remote logout. Alas, I haven't found such a thing. No, I don't mean "single sign out", at least, not as CAS defines it.)
Since omniauth-cas defines an option 'logout_url', I naturally thought there must be some way to get the plugin to do the logout. Eventually I just grepped through the omniauth-cas code and discovered that this string appears exactly twice: once to define the option, and once in the README. Am I missing something, or is this option really not used at all?
(What I was hoping to find: that omniauth defines a generic "remote logout" path which invokes strategies supporting it to do whatever they must do to ensure that the current single-signon session will not be subsequently usable to create a new local session at any service. This would obviate the code needing to figure out which strategy the current user employed and what to do about remote logout. Alas, I haven't found such a thing. No, I don't mean "single sign out", at least, not as CAS defines it.)
akali...@antyplagiat.pl
Mar 23, 2017, 10:41:11 AM3/23/17
to omniauth
Have you found a solution for this?
Reply all
Reply to author
Forward
0 new messages