Closed davidkwong closed 5 years ago
phantomtypist
commented
6 years ago Question before we go down the rabbit hole.... is the "Single Sign Out" feature on your actual CAS server configured?
Additionally, can you provide any configuration and/or code here to help diagnose the issue?
davidkwong
commented
6 years ago You raised a good point. It might not have it. I just want to do a basic logout for now. What I suppose to call ? FormAuthenication.Signout ? I guess the end goal is to log out from asp.net but not from CAS. or if it makes sense at all ?
I guess the right question is How do I suppose to logout the right way from my ASP.NET application with CAS login ?
phantomtypist
commented
6 years ago The reason I asked is because developers, like me, aren't the ones configuring the main CAS server.
Single Sign Off is a tricky topic. You guessed it, FormsAuthentication.Signout, but there is a catch. Sure that logs your user out of your application by invalidating your application's authentication ticket/cookie, but not from CAS. Therein lies a problem. If the user navigates in the browser right away back to a page in your application that requires authentication, they are automatically signed back in (since they still have a valid auth with the CAS server.)
To truly log off the user you'd need to log them out of CAS itself AFAIK.
If single sign out is implemented in your CAS server, then calling CasAuthentication.SingleSignOut should work. IIRC the CAS server publishes the endpoint for Single Sign Out so you wouldn't need to declare it in your application config.
Since this isn't .NET specific, I would implore you to head over to the CAS Gitter page and ask the question in a generalized form. That's over at https://gitter.im/apereo/cas. There are some very knowledgeable people over there that know a ton more about CAS than I personally do.
phantomtypist
commented
6 years ago @davidkwong please circle back to this issue after you find out more from the thread on Gitter. I'll keep the issue open until you find out more just in case we need to change something here.
kennethac
commented
5 years ago Any updates on this issue?
phantomtypist
commented
5 years ago @webMan1, @davidkwong never responded back to my last question/comment so I'm going to make a bad assumption that that was David's problem.
The comment/question I'm referring to is: https://github.com/apereo/dotnet-cas-client/issues/76#issuecomment-369122140
Did you cover your bases with that and it still doesn't work for you?
phantomtypist
commented
5 years ago Gonna close this for now and if anybody responds we can reopen it.
Hello ,
I am trying to set the landing page for the logout after calling CasAuthentication.SingleSignOut().
Can you let me how to set the the logout landing page ? ...It's now setting to Logout.aspx which is the page I called this function.