Logout of O365/Shib/CAS

Michael A Grady mgrady at unicon.net
Tue May 5 00:08:00 EDT 2015

On May 4, 2015, at 10:37 PM, Michael A Grady <mgrady at unicon.net> wrote:

> But if you set the logout URL to go to the CAS logout, and then have that redirect the user back to a URL you create on the ADFS Server, you could probably get what you want. Install IIS, and have a simple .Net app that just clears any and all cookies for the ADFS service. (Windows can co-exist ADFS and IIS's use of :443 on the same IP Address.) Redirect to that after the CAS logout. Not elegant, but seems a better option than messing with the dlls. 

That's assuming you don't need to be able to read those cookies to find their names, because ADFS is scoping its cookies to /adfs, and you likely can't get your own script to be on that path. I can't find a definitive reference on what all the cookie names are, and the meaning of each, but one can at least see what they are thru live headers and looking at the cookies in your browser.

Michael A. Grady
Senior IAM Consultant, Unicon, Inc.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20150504/4e023ad3/attachment.html>

More information about the users mailing list