Wilson, Docs mention cas.logout.follow-service-redirects which is false by default.
Set it to true. https://apereo.github.io/cas/7.1.x/installation/Logout-Single-Signout.html#cas-logout Ray On Mon, 2025-01-13 at 02:17 -0800, Wilson Goh wrote: You don't often get email from [email protected]. Learn why this is important<https://aka.ms/LearnAboutSenderIdentification> Hi, I am trying to implement delegated authentication to Microsoft Entra (AAD) with SAML2. Currently I have successfully implemented login from SP -> CAS -> Entra. However, I am encountering issues with logout. SP uses SAML to communicate with CAS and CAS uses SAML to communicate with Entra. When I initiate logout from SP , it will POST /idp/profile/SAML2/POST/SLO with a LogoutRequest to CAS. CAS will then handle the request and sends a LogoutRequest to Entra. However, the issue I'm having is that the end page ends at {cas}/logout?service=. It does not redirect back to the SP's callback. Is there anyway i can redirect back to SP's callback? config: cas.authn.saml-idp.core.entity-id=https://{cas}/idp cas.authn.saml-idp.metadata.file-system.location=file:/etc/cas/saml/saml-idp cas.authn.pac4j.saml[0].client-name=entra cas.authn.pac4j.saml[0].service-provider-entity-id=https://{cas}/cas cas.authn.pac4j.saml[0].destination-binding=urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST cas.authn.pac4j.saml[0].keystore-path={keystore} cas.authn.pac4j.saml[0].keystore-password=changeit cas.authn.pac4j.saml[0].private-key-password=changeit cas.authn.pac4j.saml[0].metadata.identity-provider-metadata-path={entra-metdata} cas.authn.pac4j.saml[0].metadata.service-provider.file-system.location={cas-sp-metadata} cas.authn.pac4j.saml[0].wants-responses-signed=true cas.authn.pac4j.saml[0].use-name-qualifier=false cas.authn.pac4j.saml[0].sign-service-provider-logout-request=true -- - Website: https://apereo.github.io/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/930991215522e6d9454860b2fcd6615721055553.camel%40uvic.ca.
