> 1. Does CAS server callback the other signed in services for > invalidating their sessions?
Yes. > How does that happen and how can I track it? The server tracks that information so that you should not have to. The server implementation: at logout time, the TGT associated with the authenticated user is retrieved and the logOutOfServices method is called, which iterates over the services map sending a SAML LogoutRequest POST to each one. https://github.com/Jasig/cas/blob/master/cas-server-core/src/main/java/org/jasig/cas/ticket/TicketGrantingTicketImpl.java is a good starting point for source review if you need further information. > 2. Does configuring the Single Sign out filter in the client is > essential for the CAS server callback to work? Yes. That is the component that responds to the SAML LogoutRequest sent by the server. M -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
