ecphp / cas-bundle

CAS Bundle, a standard Symfony bundle for authentication using CAS protocol.
https://ecphp-cas-bundle.readthedocs.io
BSD 3-Clause "New" or "Revised" License

Secured route still showing logged in after a /cas/logout #81

Closed bljohnsondev closed 1 year ago

bljohnsondev commented 1 year ago

Steps required to reproduce the problem

  1. Visit a secured URL based on access control in security.yaml
  2. Redirected to CAS instance for login
  3. After logging into CAS it is redirected to secured URL (but ONLY if I omit the login/default_parameter/service in cas_bundle.yaml but that's a different issue I'm running into)
  4. Visit the /cas/logout page
  5. Redirected to the logout service route
  6. Visit the secured URL again and the login session is maintained and the user is not redirected to CAS

Expected Result

Actual Result

I could be doing something stupid, since this is my first time trying to work with CAS and this library, but I can't figure out why a secured URL is not requiring me to log in again after visiting the /cas/logout URL.

EDIT:

Just to add, it looks like I can invalidate the session myself using the standard Symfony logout, and I can then redirect to /cas/logout as a target using something like this in security.yaml:

        main:
            ...
            logout:
                path: app_logout
                target: cas_bundle_logout

Is this the intended use case for logging out or should /cas/logout invalidate the session? Having to do it in the app itself and then redirecting via target to /cas/logout to also log out seems to be a bit clumsy (but it does seem to work).

Symfony version: 5.4
ecphp/cas-bundle: 2.4
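
The local-logout-then-CAS-logout chain described in the EDIT of the post above, written out as a fuller configuration. This is an added example, not part of the original post or the bundle's own documentation; the `/logout` and `/secured` paths and the `PHPSESSID` cookie name are assumptions.

```yaml
# config/packages/security.yaml
# Firewall name "main" and the routes app_logout / cas_bundle_logout are the
# ones used in the post; everything marked "assumption" is illustrative.
security:
    firewalls:
        main:
            # ... existing CAS authenticator settings stay as they are
            logout:
                # Step 1: Symfony's firewall handles this route and ends the
                # local (application) session.
                path: app_logout
                # Step 2: the browser is then sent to the CAS logout route so
                # the SSO session at the CAS server is ended as well.
                target: cas_bundle_logout
                # Symfony's default, spelled out: without this the local
                # session (and the authenticated token in it) would survive.
                invalidate_session: true
                delete_cookies:
                    # assumption: default PHP session cookie name
                    PHPSESSID: ~

    access_control:
        # assumption: /secured stands in for the protected URL from the post
        - { path: ^/secured, roles: IS_AUTHENTICATED_FULLY }

---
# config/routes.yaml
# assumption: /logout is a hypothetical path. The firewall intercepts the
# request, so the route needs no controller logic.
app_logout:
    path: /logout
    methods: GET
```

With this in place, application logout links should point at `app_logout` rather than directly at `/cas/logout`, so the local session is always dropped before the CAS redirect.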