Hi, the issue I encountered is that I wanted to differentiate the redirect
URL after login and after logout. When I add the property
cas.view.default-redirect-url=${cas.server.name}/home in
application.properties, the redirection applies both after login and after
logout, which is not desired.
So I implemented this script to intercept the logout without a service,
remove the default redirect URL, and continue to /cas/logout.
==========================script================================
Object run(Object... args) {
def context = args[0]
def logger = args[1]
def httpRequest =
WebUtils.getHttpServletRequestFromExternalWebflowContext(context)
def service = httpRequest.getParameter("service")
def flowScope = context.flowScope
logger.info("Custom logout interceptor. Incoming service = ${service}")
/* Debug complet
flowScope.asMap().each { k, v ->
logger.info("FLOW SCOPE >> ${k} = ${v}")
}*/
if (!service) {
logger.info("No service provided. Forcing redirect removal.")
// Supprimer l'URL de redirection
if (flowScope.contains("logoutRedirectUrl")) {
flowScope.remove("logoutRedirectUrl")
}
}
return new Event(this, "success")
}
=====================application.properties=======================
cas.view.default-redirect-url=${cas.server.name}/home
cas.webflow.login-decorator.groovy.location=
file:/opt/cas/config/logout-redirect.groovy
Le jeu. 20 nov. 2025 à 17:29, Petr Bodnár <[email protected]> a écrit :
> Hello Issaka,
>
> thanks for sharing the script. I can't see a relation to the reported
> problem though. Why does the script remove "logoutRedirectUrl" from the
> flowScope when "service" is not present (while
> DefaultLogoutRedirectionStrategy
> <https://github.com/apereo/cas/blob/v7.3.0/core/cas-server-core-logout-api/src/main/java/org/apereo/cas/logout/DefaultLogoutRedirectionStrategy.java>
> reads
> the logout URL from CAS properties, not from flowScope)? And how do you
> tell CAS to use this script?
>
> Best regards
> Petr
> On Thursday, 20 November 2025 at 15:36:51 UTC+1 Issaka Rabo Moutari wrote:
>
>> Hello team, I came across this bug and developed a Groovy script as a
>> solution. I'm sharing it with you in case it might be helpful to others !
>>
>> Object run(Object... args) {
>> def context = args[0]
>> def logger = args[1]
>>
>> def httpRequest =
>> WebUtils.getHttpServletRequestFromExternalWebflowContext(context)
>> def service = httpRequest.getParameter("service")
>>
>> def flowScope = context.flowScope
>>
>> logger.info("Custom logout interceptor. Incoming service =
>> ${service}")
>>
>> if (!service) {
>> // Supprimer l'URL de redirection
>> if (flowScope.contains("logoutRedirectUrl")) {
>> flowScope.remove("logoutRedirectUrl")
>> }
>>
>>
>> }
>>
>> return new Event(this, "success")
>> }
>> Le mercredi 15 octobre 2025 à 14:32:04 UTC+1, Petr Bodnár a écrit :
>>
>>> Hello,
>>>
>>> we have found several surprising issues/bugs in the CAS class
>>> DefaultLogoutRedirectionStrategy
>>> <https://github.com/apereo/cas/blob/v7.3.0/core/cas-server-core-logout-api/src/main/java/org/apereo/cas/logout/DefaultLogoutRedirectionStrategy.java>
>>> in relation to the CAS setting "cas.view.default-redirect-url", i.e.
>>> the default login/logout URL. These go probably back to CAS version 6.x.
>>>
>>> One the issues is that due to the logic in this class, CAS ignores the
>>> *post_logout_redirect_uri* request parameter *when a default
>>> login/logout URL is set in CAS properties*.
>>>
>>> For now, we have fixed this issue with OIDC (and possibly also with
>>> other logout flows - see all the usages of *putLogoutRedirectUrl(final
>>> HttpServletRequest request, final String service)*) by simply moving
>>> the class's code which reads and uses the variable
>>> *authorizedRedirectUrlFromRequest* to the very beginning of the method.
>>>
>>> Anyone else facing similar issue? And while the fix seems 100% logical,
>>> maybe we have overlooked something?
>>>
>>> Best regards
>>> Petr
>>>
>> --
> - Website: https://apereo.github.io/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> To view this discussion visit
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/ccbfe724-5e3d-4a7f-bbc9-2ce2ea621021n%40apereo.org
> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/ccbfe724-5e3d-4a7f-bbc9-2ce2ea621021n%40apereo.org?utm_medium=email&utm_source=footer>
> .
>
--
- Website: https://apereo.github.io/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAGx3xovgKOoaN7H3bxywzE3FhS740_DmOY3SdsjN_5BVfrRPXg%40mail.gmail.com.
