I also tried to always redirect to the same URL using redirect-url in the configuration, but this does not work eithr and shows the some logout page as before:
cas: logout: followServiceRedirects: false removeDescendantTickets: true redirect-url: "https://..."; On Friday, November 10, 2023 at 8:56:25 AM UTC+1 Meysam Shirazi wrote: > Hi Udo > Change *cas.log.level* to *debug *or make org.apereo.cas.oidc log level > to trace to see what happening. > common reason is post_logout_redirect_uri does not match service, means > post_logout_redirect_uri is not define as logoutUrl or matching service id > in your service definition. > > > On Friday, November 10, 2023 at 10:29:33 AM UTC+3:30 Udo Einspanier wrote: > >> Hi Meysam, >> >> thanks for the quick reply. Yes, id_token_hint is part of the URL, I just >> left it out for brevity but should have included it. So here is the URL >> from CAS OIDC logout page with all parameters: >> >> >> https://.../cas/oidc/oidcLogout?id_token_hint=...&post_logout_redirect_uri=https://... >> >> But still no redirect from CAS to post_logout_redirect_uri. >> >> Any other ideas? >> >> Thanks, >> Udo >> >> On Friday, November 10, 2023 at 3:41:42 AM UTC+1 Meysam Shirazi wrote: >> >>> It needs idToken in id_token_hint url parameters) that contains >>> clientId, it can be the same id token that be retrieved in login process. >>> On Thursday, November 9, 2023 at 4:20:04 PM UTC+3:30 Udo Einspanier >>> wrote: >>> >>>> Hi, >>>> >>>> we have CAS 6.6 as OIDC provider. When our client initiates logout, it >>>> goes to https://.../cas/oidc/oidcLogout?post_logout_redirect_uri=https:/... >>>> >>>> In the YAML configuration we have: >>>> >>>> cas: >>>> logout: >>>> followServiceRedirects: true >>>> removeDescendantTickets: true >>>> >>>> I would expect CAS to redirect to the URL in parameter >>>> post_logout_redirect_uri, but instead >>>> shows a logout page titled "Logout successful" where the user can click >>>> on the logout URL >>>> specified in the logout request. >>>> Is there some additional setting required for OIDC, or are we missing >>>> something to allow automatic >>>> redirect without user interaction? >>>> >>>> Thanks and best regards, >>>> Udo >>>> >>>> >>>> -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/fa26a981-96e4-4ed6-a423-d7010f2f10bcn%40apereo.org.
