Nathan, You may be able to accomplish this with front channel logout or setting TGT policies. https://apereo.github.io/cas/7.1.x/installation/Logout-Single-Signout.html https://apereo.github.io/cas/7.1.x/ticketing/Configuring-Ticket-Expiration-Policy-TGT.html
Ray On Thu, 2024-10-31 at 10:58 -0700, Nathan Cailbourdin wrote: You don't often get email from [email protected]. Learn why this is important<https://aka.ms/LearnAboutSenderIdentification> Hello, I am trying to set up delegated authentication from one CAS server (Server A) to another CAS server (Server B). I've configured Server A as follows: cas.authn.pac4j.cas[0].login-url=https://XXX/cas/login cas.authn.pac4j.cas[0].client-name=YYY Authentication is working as expected; however, logout from Server B does not propagate to Server A. The request is correctly sent from Server B, and Server A does receive the request, but nothing happens. See the log below : DEBUG [org.apereo.cas.web.flow.controller.DefaultDelegatedAuthenticationNavigationController] - <Received response from client [YYY]; Redirecting to [https://XXX/cas/login?logoutRequest=%3Csamlp%3ALogoutRequest%20xmlns%3Asamlp%3D%22urn%3Aoasis%3Anames%3Atc%3ASAML%3A2.0%3Aprotocol%22%20ID%3D%22LR-8-omIAtA5lXQ55udVglHsFI2k2%22%20Version%3D%222.0%22%20IssueInstant%3D%222024-10-24T16%3A24%3A35Z%22%3E%3Csaml%3ANameID%20xmlns%3Asaml%3D%22urn%3Aoasis%3Anames%3Atc%3ASAML%3A2.0%3Aassertion%22%3EFUNIQUEID%3C%2Fsaml%3ANameID%3E%3Csamlp%3ASessionIndex%3EST-8-****************j62G72M-XXX%3C%2Fsamlp%3ASessionIndex%3E%3C%2Fsamlp%3ALogoutRequest%3E&client_name=YYY]> I also tried manually sending the request, but once again, the CAS session is not destroyed. Did I miss a configuration step? Is CAS able to act as a client in this scenario? Since it needs to receive the SLO (Single Logout) request from Server B and destroy its own session. Thanks. Best regards, Nathan -- - Website: https://apereo.github.io/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/aa1e8975625f0624aee86f77c405cfb24fa2d03d.camel%40uvic.ca.
