Logout of O365/Shib/CAS

[Misagh Moayyed]

If I recall correctly, once you log out of O365 the flow eventually ends up 
on some sort of Logout.aspx page and from there, assuming all normal ops 
within that page invalidate your session, you can reroute the flow to 
cas/logout. If your CAS server is configured to follow redirects, you can 
construct the url su that after the logout the flow is directed back to 
O365, or some other page of your choosing that is also present in your CAS 
service registry.



From: users [mailto:users-bounces at shibboleth.net] On Behalf Of Rhian Resnick
Sent: Monday, May 4, 2015 2:00 PM
To: Shib Users
Subject: Re: Logout of O365/Shib/CAS



If you find a solution please share it.

On May 4, 2015 4:49 PM, Benjamin Cherian <benjamin.cherian at villanova.edu 
<mailto:benjamin.cherian at villanova.edu> > wrote:

We are testing Shibboleth IdP 3 (auth via CAS) with ADFS 3 and O365. 
Currently we had everything working, except logout. We setup our Shib server 
to use CAS client to authenticate via our existing CAS environment. We also 
implemented CAS SLO on the Shib servers. We turned session 
management/storage off completely in Shib as well.

Currently when we try to logout of office dev, it returns an error, because 
it is trying to use Shibboleth's logout URL, which returns an error, 
because. At that point the end user is not logged out of CAS or O365. We can 
try to redirect to the CAS logout page, but that doesn't log them out of the 
O365 portal.

What is the correct way to logout of CAS and logout of ADFS/O365? Is there a 
JSP or other code I should edit to sent them to CAS? Is there a way to 
specify in the SAML response that it is not an error?

Thanks,
Ben
-- 
To unsubscribe from this list send an email to 
users-unsubscribe at shibboleth.net <mailto:users-unsubscribe at shibboleth.net>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20150504/e9f86979/attachment.html>