CAS app logout in IDP SLO
cantor.2 at osu.edu
Tue Mar 3 14:45:26 EST 2020
On 3/3/20, 2:20 PM, "users on behalf of Michael A Grady" <users-bounces at shibboleth.net on behalf of mgrady at unicon.net> wrote:
> It doesn't appear to be back-channel only, it appears to in some cases pass a POST back thru the user's browser with a
> logoutRequest parameter. But it also doesn't seem to be consistent. But at least in some cases, it appears to be
> propagating the logout to participating CAS services thru such a POST thru the browser.
Our mechanic for invoking propagation is always done that way to allow the UI to report the results, but what happens after that is protocol specific, and my understanding is that it's the server hitting an endpoint at the app and then tunneling a result back that signals success/failure.
Marvin can correct me of course, but as I understood things, it was just what was informally defined for CAS.
More information about the users