search

apereo / mod_auth_cas

An Apache httpd module for integrating with Apereo CAS Server project.
https://www.apereo.org/projects/cas
147 stars 97 forks source link

What is the mod_auth_cas logout callback URL? #125

Closed ssoguroo closed 4 years ago

ssoguroo commented 7 years ago

For example, when the user logs out in the application with /app1/exit, not only application should close application session, but SSO session should be invalidated. Else, after the application logout, it goes to SSO validation and comes back to Application Home Page.

In Siteminder this is achieved by using this directive in LocalConfig:

LogoffUri="/app1/exit"

How do we achive the same here?

dhawes commented 7 years ago

Most people write their own logout page to delete the mod_auth_cas cookies and then redirect to CAS to logout there. A discussion of this is at:

https://groups.google.com/a/apereo.org/forum/?utm_medium=email&utm_source=footer#!msg/cas-user/d8bfgEK-W0U/Jp6QxIOiBAAJ

You can also experiment with CASSSOEnabled to use the CAS protocol single sign out. Note that this is experimental in mod_auth_cas.

There has been discussion over the years about adding a directive to add some kind of logout endpoint that does this, but there is nothing currently available. I have a proof of concept, but it would take a decent amount of work to get it to pull request state.

putt1ck commented 7 years ago

We're hitting this issue and would be happy to collaborate on a solution.

dhawes commented 4 years ago

See #48