Redirect on logout for idp3 and CAS?
Dan Oachs
doachs at gac.edu
Tue Apr 12 12:17:13 EDT 2016
On 04/12/2016 11:10 AM, Marvin Addison wrote:
> On Tue, Apr 12, 2016 at 10:52 AM O'Dowd, Josh <Josh.O'Dowd at mso.umt.edu> wrote:
>
> > Does a 'return' parameter in the logout URL seem a prudent
> > enhancement, since the NativeSP has that functionality and Jasig
> > CAS offers that capability as well?
>
>
> I'm not in favor of it. The return parameter was never specified in
> the CAS protocol v2 spec, and its introduction into the Jasig CAS
> server was (to me) a curious addition. I'm unaware of the use cases
> that drove its creation, but I am aware that it was the source of at
> least one security issue (XSS vector). Maybe if you could articulate
> the value I'd be more willing, but I just don't understand what value
> it provides.
>
> M
>
>
>
We have a few use cases for this. The one we are getting the most
pushback for now that it no longer works is this: We have a kiosk
computer in an office where users log in, fill out a form, then log
out. They really want the browser to end up back on the form page but
logged out so when the next user gets to the computer it is all set for
them. With our old CAS server, this worked well for them.
A 'return' parameter in the logout URL similar to what Jasig CAS offers
would be great for our needs.
Thanks,
Dan Oachs