We're having an issue with Single Sign Off and SAML and I need a little clarification to figure out where our issue may be. First of all CAS SSO is working as expected for us on multiple services. Second we're using CAS 3.3.3 in our production environment with plans to upgrade to 3.3.5 or maybe 3.4 in the near future. Between versions I'm not sure which versions SSOff was on be default and which versions it was off by default. Currently we don't have an argument extractor setting to change it from the default. Third we don't have have service management enabled, if we do enable it I'm not sure how to flag the SAML service as enabled. The problem is if someone accesses our google apps service and logs in they authenticate via CAS as expected. If they follow a link from mail to our portal the portal does the SSO with CAS correctly. If in the portal they log off the log off appears to function correctly and access to the portal presents the the CAS login screen as expected. However the issue is that if the go back to the google apps url they are still signed in. Another issue where clarification would be of assistance, currently we have the portal set to logout with cas/logout?service=<portal URL> when should you include the service with the logout and when should you not? I know including it effects where the browser re-directs to when logout is complete but does it in any way effect SSOff? Does it limit sign off to the specified service?  Andrew Tillinghast Sr. Web Developer Ph:860 439-5265 Fax: 860 439-2871 P Think before you print CONFIDENTIALITY: This email (including any attachments) may contain confidential, proprietary and privileged information, and unauthorized disclosure or use is prohibited. If you received this email in error, please notify the sender and delete this email from your system. -- |
- [cas-user] SAML SSOff Issue Andrew Tillinghast
- [cas-user] SAML SSOff Issue Andrew Tillinghast
