[cas-user] Re: CAS ignores post_logout_redirect_uri when default login/logout URL is set

Thu, 20 Nov 2025 06:36:51 -0800 

Hello team, I came across this bug and developed a Groovy script as a 
solution. I'm sharing it with you in case it might be helpful to others ! 

Object run(Object... args) {
    def context = args[0]
    def logger = args[1]

    def httpRequest = 
WebUtils.getHttpServletRequestFromExternalWebflowContext(context)
    def service = httpRequest.getParameter("service")

    def flowScope = context.flowScope

    logger.info("Custom logout interceptor. Incoming service = ${service}")

     if (!service) {
        // Supprimer l'URL de redirection
        if (flowScope.contains("logoutRedirectUrl")) {
            flowScope.remove("logoutRedirectUrl")
        }

       
    }

    return new Event(this, "success")
}
Le mercredi 15 octobre 2025 à 14:32:04 UTC+1, Petr Bodnár a écrit :

> Hello,
>
> we have found several surprising issues/bugs in the CAS class 
> DefaultLogoutRedirectionStrategy 
> <https://github.com/apereo/cas/blob/v7.3.0/core/cas-server-core-logout-api/src/main/java/org/apereo/cas/logout/DefaultLogoutRedirectionStrategy.java>
>  
> in relation to the CAS setting "cas.view.default-redirect-url", i.e. 
> the default login/logout URL. These go probably back to CAS version 6.x.
>
> One the issues is that due to the logic in this class, CAS ignores the 
> *post_logout_redirect_uri* request parameter *when a default login/logout 
> URL is set in CAS properties*.
>
> For now, we have fixed this issue with OIDC (and possibly also with other 
> logout flows - see all the usages of *putLogoutRedirectUrl(final 
> HttpServletRequest request, final String service)*) by simply moving the 
> class's code which reads and uses the variable 
> *authorizedRedirectUrlFromRequest* to the very beginning of the method.
>
> Anyone else facing similar issue? And while the fix seems 100% logical, 
> maybe we have overlooked something?
>
> Best regards
> Petr
>

-- 
- Website: https://apereo.github.io/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
To view this discussion visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/eda77c4c-a883-4421-8dcb-e6794c27edb0n%40apereo.org.

Reply via email to