apereo / mod_auth_cas

An Apache httpd module for integrating with Apereo CAS Server project.
https://www.apereo.org/projects/cas

Single Sign Out #115

Closed pouriam closed 8 years ago

pouriam commented 8 years ago

Hello,

I have noticed in the readme that single sign out is not supported. Is there a chance that this can be added as a feature? It is very important from a security point-of-view for my application.

I had some possible ideas that might allow it to work:

  1. Have all requests go through the cas server, similar to when you first must do cas login (i.e. https://cas.example.com/cas/login?service=https%3a%2f%2fmyapp.example.com%3a8082%2f)
  2. When the user logs out from CAS server, modify the cookies or delete the cookies in mod_auth_cas (mentioned here: https://groups.google.com/forum/#!topic/jasig-cas-user/f3z_sJ4stXc)

Thank you

dhawes commented 8 years ago

Have you tried "CASSSOEnabled On"?

This works for me, though some users clearly have issues with it, as noted in #88. This is on my list of things to fix; I just haven't gotten around to it yet.

As for deleting the cookies, I have played around with it and have a rough proof of concept working. Other users have done this as well, but I don't think any have submitted merge requests.

pouriam commented 8 years ago

Thanks, "CASSSOEnabled On" made it work. I think the README documentation needs to be clearer about SSO, as it confused me, and I didn't try it.