> I think that the precise behaviour still needs to be clarified though > (if we get a SAMLRequest, we just invalidate the current session ?
That's the behavior I was thinking. > is the RelayState parameter mandatory ? ...) It's at least helpful as a means of communicating where client should redirect to in the serial mode. Not sure it's mandatory. > But I'd prefer not to touch existing CAS clients and to use out-of-the-box > logout handlers or have a simple logout page/controller (instead of using the > SingleSignOut filter in Java). For my part I'm willing to attempt to mock up a complete solution in server and Java client as a proof of concept. Then we'll have something tangible to review and evaluate benefits/liabilities. I believe I can have something ready in ~2 weeks. Please bug me if I don't follow up by then. M -- You are currently subscribed to cas-dev@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-dev
