Ben, logoutURL is where cas will send the logout request (BACK_CHANNEL) or redirect (FRONT_CHANNEL). Default is the url used during login. With back channel logout, cas sends a logout request to logoutURL. Your cas client has to process the request and perform the logout action. Check you cas client's documentation, and perhaps your configuration.
Cas does not end your application's session; it can only suggest to your application to perform its own logout. I suggest removing all of the logout config you have add to cas (except for logoutURL only if it is not the same as the login url). Cas will perform a back channel logout by default. Then see how your application responds to the logout request. Ray P.S. I think the shortest time for TGT time to live is 2m, so you may have to wait this long or visit cas/logout On Wed, 2024-11-06 at 10:47 -0800, Ben wrote: But from the https://apereo.github.io/cas/7.0.x/installation/Logout-Single-Signout.html#casslodisabledPropertyConfig page, it appears under the "Service Endpoint for Logout Requests" section, if I set my logoutURL field to my application's log out, it CAS can get the app to logout? Am I misunderstanding this? Thanks, On Tuesday, November 5, 2024 at 11:38:01 PM UTC-5 Ray Bon wrote: Ben, Cas session (TGT / TGC) and your application session are independent. Logout requests are only sent by cas when cas/logout is visited. Your application (cas client) must be able to receive and process the logout request. These loggers may help: <!-- INFO Performing logout operations for [TGT-...] [number] logout requests were processed DEBUG ST, principal and URL --> <Logger name="org.apereo.cas.logout.DefaultLogoutManager" level="info"> <Filters> <ThresholdFilter level="INFO" onMatch="ACCEPT" onMismatch="NEUTRAL" /> <RegexFilter regex="Captured logout request.*" onMismatch="DENY" /> </Filters> </Logger> <!-- DEBUG Logout request will be sent to but does not print anything when login was through SAML 1.1 --> <Logger name="org.apereo.cas.logout.DefaultSingleLogoutServiceLogoutUrlBuilder" level="warn" /> <!-- DEBUG preparing, processing and logout with URL and ST --> <Logger name="org.apereo.cas.logout.slo" level="warn" /> <!-- DEBUG SAML logout payload --> <Logger name="org.apereo.cas.logout.SamlCompliantLogoutMessageCreator" level="warn" /> Ray P.S. default-redirect is where cas will redirect when no service is provided at login On Tue, 2024-11-05 at 06:55 -0800, Ben wrote: I'm sure I'm misunderstanding it, but in my properties, I added the following to try to resolve the issue: cas.view.default-redirect-url= ${cas.server.name<http://cas.server.name/>}/cas cas.logout.follow-service-redirects=true cas.slo.asynchronous=true My application is built in angular 2. Shouldn't it auto log out if the TGC is expired similar to ng-idle? Ben Chang On Monday, November 4, 2024 at 9:39:44 PM UTC-5 Dmitriy Kopylenko wrote: This could be helpful https://apereo.github.io/cas/7.0.x/installation/Logout-Single-Signout.html D. On Mon, Nov 4, 2024 at 14:56 Ben <[email protected]> wrote: I thought CAS superseded the client apps session? Is there a way to overwrite the local session? On Monday, November 4, 2024 at 1:38:23 PM UTC-5 Dmitriy Kopylenko wrote: The client app could be keeping their own local session. D. On Mon, Nov 4, 2024 at 11:33 Ben <[email protected]> wrote: Hello, I am trying to set up a service to require a specific application to log out after x (currently set to 5 as a test) seconds. I see the logs saying its logging out, but when I click around the website, refresh, or make user changes, I'm still logged in and it isn't requiring me to log in. I have the following config services. I don't think anything is interfering with the other. "proxyPolicy": { "@class": "org.apereo.cas.services.RegexMatchingRegisteredServiceProxyPolicy", "pattern": "^https?://.*" }, "attributeReleasePolicy" : { "@class": "org.apereo.cas.services.ReturnAllAttributeReleasePolicy" }, "accessStrategy" : { "@class" : "org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy", "enabled" : true }, "ticketGrantingTicketExpirationPolicy": { "@class": "org.apereo.cas.services.DefaultRegisteredServiceTicketGrantingTicketExpirationPolicy", "maxTimeToLiveInSeconds":5 } Any help would be appreciated. Looking at https://groups.google.com/a/apereo.org/g/cas-user/c/zvo3KBi46IU/m/fF-prmwDAQAJ, I tried disabling SLO too and that didn't work. The logs show the following indicating that I'm logged out (but not). 2024-11-04 06:58:37 2024-11-04 11:58:37,840 INFO [org.apereo.inspektr.audit.AuditTrailManager] - <Audit trail record BEGIN 2024-11-04 06:58:37 ============================================================= 2024-11-04 06:58:37 WHEN: 2024-11-04T11:58:37.840180900 2024-11-04 06:58:37 WHO: [email protected] 2024-11-04 06:58:37 WHAT: TGT-1-****************n9NDYZKzU4-localhost 2024-11-04 06:58:37 ACTION: LOGOUT_SUCCESS 2024-11-04 06:58:37 CLIENT_IP: unknown 2024-11-04 06:58:37 SERVER_IP: unknown 2024-11-04 06:58:37 ============================================================= 2024-11-04 06:58:37 2024-11-04 06:58:37 > 2024-11-04 06:58:37 2024-11-04 11:58:37,840 DEBUG [org.apereo.cas.ticket.registry.DefaultTicketRegistryCleaner] - <Cleaning up expired ticket [TGT-1-****************n9NDYZKzU4-localhost]> 2024-11-04 06:58:37 2024-11-04 11:58:37,840 DEBUG [org.apereo.cas.ticket.registry.AbstractTicketRegistry] - <Removing children of ticket [TGT-1-****************n9NDYZKzU4-localhost] from the registry.> 2024-11-04 06:58:37 2024-11-04 11:58:37,840 DEBUG [org.apereo.cas.ticket.registry.AbstractMapBasedTicketRegistry] - <Ticket [ST-1-****************QCJKPHUzJY-localhost] could not be found> 2024-11-04 06:58:37 2024-11-04 11:58:37,843 DEBUG [org.apereo.cas.ticket.registry.AbstractTicketRegistry] - <Removing ticket [TGT-1-****************n9NDYZKzU4-localhost] from the registry.> 2024-11-04 06:58:37 2024-11-04 11:58:37,844 INFO [org.apereo.cas.ticket.registry.DefaultTicketRegistryCleaner] - <[2] expired tickets removed.> 2024-11-04 06:59:17 2024-11-04 11:59:17,857 INFO [org.apereo.cas.throttle.AbstractInMemoryThrottledSubmissionHandlerInterceptorAdapter] - <Beginning audit cleanup...> -- - Website: https://apereo.github.io/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/d7c1d997012aa519025847c19faa6ba177feb708.camel%40uvic.ca.
