Redirect on logout for idp3 and CAS?

Dan Oachs doachs at
Tue Apr 12 12:17:13 EDT 2016

On 04/12/2016 11:10 AM, Marvin Addison wrote:
> On Tue, Apr 12, 2016 at 10:52 AM O'Dowd, Josh <Josh.O'Dowd at 
> <mailto:Josh.O%27Dowd at>> wrote:
>     Does a 'return' parameter in the logout URL seem a prudent
>     enhancement , since the NativeSP has that functionality and Jasig
>     CAS offers that capability as well?
> I'm not in favor of it. The return parameter was never specified in 
> the CAS protocol v2 spec, and its introduction into the Jasig CAS 
> server was (to me) a curious addition. I'm unaware of the use cases 
> that drove its creation, but I am aware that it was the source of at 
> least one security issue (XSS vector). Maybe if you could articulate 
> the value I'd be more willing, but I just don't understand what value 
> it provides.
> M

We have a few use cases for this.  The one we are getting the most push 
back for now that it no longer works is this....  We have a kiosk 
computer in an office where users log in, fill out a form, then log 
out.  They really want the browser to end up back on the form page but 
logged out so when the next user gets to the computer it is all set for 
them.  With our old CAS server, this worked well for them.

A 'return' parameter in the logout URL similar to what Jasig CAS offers 
would be great for our needs.

         Dan Oachs

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3693 bytes
Desc: S/MIME Cryptographic Signature
URL: <>

More information about the users mailing list