Hi Ed, I haven't had time to try this yet, but the idea is that after CAS logs the user out you could have it return a HTML page to the browser (or redirect to another application that does so) that contains a hidden iframe who's source URL is the Google apps logout link. The browser would hit that URL, sending the right session cookie to Google, which would then invalidate the session. No cURL needed.
It's obviously not 100% reliable, because there could be a failure in getting that page loaded by the browser, but I've done this successfully to accomplish SLO and other tricks, just not with Google. The main catch is whether or not Google implements CSRF protection for their logout link, since in effect you'd be "forging" a logout request to Google. Also, this approach is only applicable to browser based SLO. David On Feb 13, 2013, at 11:39 AM, Ed Hillis <[email protected]> wrote: > From what I've seen, CAS logout is not presumed to affect the Google Apps > session. I think once Google gets initial authentication it never looks back. > I'd be interested in what you're suggesting. Coming from a LAMP background, > is there a cURL equivalent in Java? > > Thanks, > Ed > > > On Wed, Feb 13, 2013 at 12:24 PM, Lynxlogic <[email protected]> wrote: > Is IdP initiated single sign out (i.e., sign out from CAS server, or from a > different SP for that matter) supposed to work with Google Apps? I'm seeing > the user logged out from both CAS and Google if I sign out from Google Apps, > but if I sign out from CAS I'm left logged into Google, even though I do have > SLO callbacks enabled. > > If this isn't supported, I wonder if it might be possible to simply customize > the CAS logout JSP with a hidden iframe that simply hits the Google logout > URL. It wouldn't be 100% reliable but perhaps better than nothing. Has anyone > tried this? > > Thanks, > David > > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > > > > -- > Ed Hillis, Web Programmer > Southwestern University > 1001 East University Avenue, Georgetown, TX 78626 > 512.863.1066 [email protected] > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
