Hi Marvin,

On Jun 8, 2011, at 8:01 AM, Marvin Addison wrote:

>> is there a way for CAS to redirect after a successful logout?
>
> You can get this to work, but it's not supported by default.
>
>> I noticed that some apps (e.g. moodle) send a URL parameter with a return
>> address.
>
> That's correct. You can configure your clients to send a url
> parameter to the /cas/logout URI and CAS can act upon it. You could
> configure the logout JSP of CAS to examine the url parameter and issue
> a redirect instead of displaying a link. Note we removed this
> functionality in the recent past due to security concerns. You should
> consider in your solution that the url parameter could be abused to
> issue redirects to untrusted resources.

Do you have a link to a ticket or discussion about this? I'm curious what vulnerability is introduced by having CAS issue this untrusted redirect.

Thanks,
Rhett

>
> M
>
> --
> You are currently subscribed to [email protected] as:
> [email protected]
> To unsubscribe, change settings or access archives, see
> http://www.ja-sig.org/wiki/display/JSG/cas-user
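
The caution in the quoted reply, that the url parameter sent to /cas/logout could be abused to issue redirects to untrusted resources, is typically addressed by checking the parameter against an allowlist before redirecting. The following is an added example, not part of the original thread and not CAS's own code; the class name, method name and host names are assumptions.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Locale;
import java.util.Set;

public class LogoutRedirectCheck {
    // Assumption: hosts of services registered with this CAS server (constructed values).
    private static final Set<String> ALLOWED_HOSTS =
            Set.of("moodle.example.edu", "portal.example.edu");

    // Returns a normalized redirect target when the logout "url" parameter is an https
    // URL on an allowed host, or null so the caller renders the normal logout page.
    static String safeRedirectTarget(String urlParam) {
        if (urlParam == null || urlParam.isEmpty()) {
            return null;
        }
        final URI uri;
        try {
            // java.net.URI rejects backslashes, spaces and control characters outright.
            uri = new URI(urlParam);
        } catch (URISyntaxException e) {
            return null;
        }
        // Absolute https URL with a parsed host only: no relative, scheme-relative,
        // javascript: or data: values.
        if (!"https".equalsIgnoreCase(uri.getScheme()) || uri.getHost() == null) {
            return null;
        }
        // A userinfo part can make a foreign host look like an allowed one; refuse it.
        if (uri.getRawUserInfo() != null) {
            return null;
        }
        // Exact host match; suffix or substring matching would accept look-alike hosts.
        String host = uri.getHost().toLowerCase(Locale.ROOT);
        return ALLOWED_HOSTS.contains(host) ? uri.toASCIIString() : null;
    }

    public static void main(String[] args) {
        String[] samples = { // constructed sample inputs
            "https://moodle.example.edu/login/index.php",
            "https://moodle.example.edu.other.example/",
            "//other.example/",
            "http://moodle.example.edu/",
        };
        for (String s : samples) {
            System.out.println(s + " -> " + safeRedirectTarget(s));
        }
    }
}
```

Only the first sample is returned as a redirect target; the others yield null, in which case the logout page would display its usual content instead of redirecting.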
