Hello,

we have found several surprising issues/bugs in the CAS class DefaultLogoutRedirectionStrategy <https://github.com/apereo/cas/blob/v7.3.0/core/cas-server-core-logout-api/src/main/java/org/apereo/cas/logout/DefaultLogoutRedirectionStrategy.java> in relation to the CAS setting "cas.view.default-redirect-url", i.e. the default login/logout URL. These probably go back to CAS version 6.x.

One of the issues is that, due to the logic in this class, CAS ignores the *post_logout_redirect_uri* request parameter *when a default login/logout URL is set in CAS properties*. For now, we have fixed this issue with OIDC (and possibly also with other logout flows - see all the usages of *putLogoutRedirectUrl(final HttpServletRequest request, final String service)*) by simply moving the class's code which reads and uses the variable *authorizedRedirectUrlFromRequest* to the very beginning of the method.

Anyone else facing a similar issue? And while the fix seems 100% logical, maybe we have overlooked something?

Best regards
Petr
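The precedence question raised in the message above, as an added example that is not part of the original post and is not CAS source code: a simplified model comparing "default URL first" with "authorized request URL first". The class name, the resolve methods, the sample URLs and the exact-match allowlist are assumptions; only the name authorizedRedirectUrlFromRequest is borrowed from the post (where it is a variable).

```java
import java.net.URI;
import java.util.Optional;
import java.util.Set;

/** Simplified model of logout redirect precedence; hypothetical, not CAS code. */
public class LogoutRedirectModel {
    // Constructed sample values standing in for cas.view.default-redirect-url
    // and for the logout URIs registered for a relying party.
    static final String DEFAULT_REDIRECT_URL = "https://portal.example.org/";
    static final Set<String> REGISTERED_LOGOUT_URIS =
        Set.of("https://app.example.org/signed-out");

    /** A request-supplied URL is honoured only on exact match with a registered URI. */
    static Optional<String> authorizedRedirectUrlFromRequest(String postLogoutRedirectUri) {
        if (postLogoutRedirectUri == null) {
            return Optional.empty();
        }
        try {
            String normalized = URI.create(postLogoutRedirectUri).normalize().toString();
            return REGISTERED_LOGOUT_URIS.contains(normalized)
                ? Optional.of(normalized) : Optional.empty();
        } catch (IllegalArgumentException malformed) {
            return Optional.empty(); // unparsable input is never a redirect target
        }
    }

    /** Ordering described as the problem: a configured default always wins. */
    static String resolveDefaultFirst(String postLogoutRedirectUri) {
        if (!DEFAULT_REDIRECT_URL.isBlank()) {
            return DEFAULT_REDIRECT_URL;
        }
        return authorizedRedirectUrlFromRequest(postLogoutRedirectUri).orElse(null);
    }

    /** Ordering after the described change: authorized request URL, then default. */
    static String resolveRequestFirst(String postLogoutRedirectUri) {
        return authorizedRedirectUrlFromRequest(postLogoutRedirectUri)
            .orElse(DEFAULT_REDIRECT_URL);
    }

    public static void main(String[] args) {
        String[] samples = {
            "https://app.example.org/signed-out", // registered
            "https://unregistered.example.net/",  // not registered
            null                                  // parameter absent
        };
        for (String s : samples) {
            System.out.printf("%-38s default-first=%s request-first=%s%n",
                s, resolveDefaultFirst(s), resolveRequestFirst(s));
        }
    }
}
```

In this model the reordering changes the outcome only for the registered URL; an unregistered or malformed value still falls back to the default, which is the property to re-check after moving the code.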
