CAS app logout in IDP SLO

Cantor, Scott cantor.2 at
Tue Mar 3 14:45:26 EST 2020

On 3/3/20, 2:20 PM, "users on behalf of Michael A Grady" <users-bounces at on behalf of mgrady at> wrote:

> It doesn't appear to be back-channel only, it appears to in some cases pass a POST back thru the user's browser with a
> logoutRequest parameter. But it also doesn't seem to be consistent. But at least in some cases, it appears to be
> propagating the logout to participating CAS services thru such a POST thru the browser.

Our mechanic for invoking propagation is always done that way to allow the UI to report the results, but what happens after that is protocol specific, and my understanding is that it's the server hitting an endpoint at the app and then tunneling a result back that signals success/failure.

Marvin can correct me of course, but as I understood things, it was just what was informally defined for CAS.

-- Scott

More information about the users mailing list