CAS Logout redirect

Cantor, Scott cantor.2 at
Wed Jul 31 16:08:20 EDT 2019

> Will there be future support?

The IdP cannot support that or the single logout support would be impossible. It's definitionally necessary if you don't include pop-up windows as a viable UI, and we do not.

Proxying in the future will only be doable by ending the logout sequence from the IdP PoV and then giving a user the option to allow additional logout back to the proxy, and that's another reason why the UI has to terminate at the IdP. An additional redirect like this is effectively like that proxy case, there's no way the IdP (or you) can know when it's the right time to take that step since the logout propagation is asynchronous/parallel.
> If no, is there access to the /logout http request parameters passed into the logout.vm
> such that I could script a redirect from the view?

Any parameters are gone by the time the view renders, there are additional flow stages in between. I don't know what people have done to deal with it, other than perhaps a servlet filter that would save the data off in the session or context tree.
-- Scott

More information about the users mailing list