Can tell me what exactly did to solve your problem please , i have same you case please explain in detail
في الخميس، 25 فبراير 2021 في تمام الساعة 12:28:42 م UTC+3، كتب [email protected] رسالة نصها: > Hello everybody. > > I have understood better the reason of that behavior. It's not true that > Oidc logout flow doesn't come into play. It builds a redirection for the > client to go to external Identity Provider logout url. > But if "cas.logout.redirectUrl" is defined, also that works as a > redirection built for the client. In that case, the Oidc logout redirection > gets overridden by the latter one. > If I undefine that general logout configuration, Oidc logout redirection > works. But the outcome is to have no redirection at all after logout, and > this seems quite bad. > > In my opinion, instead of "overriding", the Oidc logout flow should be > "merged" with that "cas.logout.redirectUrl" by building a redirection > request for external provider that adds a "redirect_uri" query parameter in > the Oidc request: so after logout from the external provider, the client > gets redirected again to the final logout destination. But at the moment > this seems not considered by current implementation of > "cas-server-support-pac4j-authentication" and "pac4j-oidc" libraries. > > I hope this hint can help anyone with same issue. I don't know if I can > suggest a feature request. > Thank you very much. > > Vincenzo Colonnella > > Il giorno giovedì 18 febbraio 2021 alle 18:20:51 UTC+1 Vincenzo Colonnella > ha scritto: > >> >> Hello everybody. >> >> I am running CAS 6.3.2 and set up Delegated Authentication towards an >> external OpenID Connect service based upon Keycloak. >> Authentication works fine, I get back a Principal with ID taken from the >> "preferred_username" field. >> >> But when application logs out from CAS, the session against the external >> provider keeps alive and further authentication attempts go through without >> credential submission. >> It seems that the Pac4J OidcLogoutActionBuilder does not come into play >> also if it should, I am having an hard time to tell why. >> When KeycloakOidcClient is created, OidcLogoutActionBuilder seems to be >> built and logoutUrl is correct (but I had to explicitly set it in >> configuration, otherwise it was null). >> >> I cannot understand why the authentication flow misses that logout step, >> I believe CAS server should send a request to that logoutUrl when client >> ticket is destroyed. >> >> Dependencies in build.gradle: >> compile >> "org.apereo.cas:cas-server-support-jdbc-drivers:${casServerVersion}" >> compile >> "org.apereo.cas:cas-server-support-jpa-ticket-registry:${casServerVersion}" >> compile >> "org.apereo.cas:cas-server-support-jpa-service-registry:${casServerVersion}" >> compile "org.apereo.cas:cas-server-support-jdbc:${casServerVersion}" >> compile "org.apereo.cas:cas-server-support-ldap:${casServerVersion}" >> compile >> "org.apereo.cas:cas-server-support-pac4j-webflow:${casServerVersion}" >> compile "org.apereo.cas:cas-server-support-saml:${casServerVersion}" >> compile "org.apereo.cas:cas-server-support-rest:${casServerVersion}" >> compile >> "org.apereo.cas:cas-server-support-reports:${casServerVersion}" >> compile "org.apereo.cas:cas-server-support-openid:${casServerVersion}" >> compile >> "org.apereo.cas:cas-server-core-authentication-api:${casServerVersion}" >> compile >> "org.apereo.cas:cas-server-core-api-configuration-model:${casServerVersion}" >> >> CAS Configuration: cas.properties (attached) >> >> Service json: general-1001.json (attached) >> >> Sample log: sample.log (attached) >> >> Thank you very much. >> Vincenzo Colonnella >> >> -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/0da9c83a-141f-4e5f-9901-2ff92c2ea6c8n%40apereo.org.
