> I've been looking at https://wiki.jasig.org/display/CASUM/Single+Sign+Out > and am wondering if I would be correct in assuming that single sign-out is > on by default?
It's on by default in the sense that the server always attempts to send a SAML LogoutRequest request to all clients when the SSO session ends. That notice is only helpful, though, if clients receive it and understand it. Most of the official clients (Java, phpCAS, mod_auth_cas, .NET) can be configured to handle LogoutRequest correctly. Since there's really not a "default" configuration for the clients, single sign-out effectively works only if your CAS server can contact all the clients and they all have been configured to handle the LogoutRequest message. Since client setup is required, I don't think it's correct to say single sign-out is enabled by default. M -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
