Hey, everyone, I'm looking at implementing the Single Sign Out/Single Log Out in the CAS, OpenID, and Header modules, and need a little guidance in the best way to accomplish this. For each of these modules, it seems like the way to accomplish the SLO functionality is to redirect the user to a logout page for the given IDP. I'm just having a little trouble figuring out where and how to accomplish it.
My thought is that the place to do this would be in the invalidate() method within the various implementations of the AuthenticatedUser in the modules. However, most of the redirection to other places for authentication is handled by throwing exceptions that are then translated by the AngularJS application to redirect. However, the current implementation of invalidate() doesn't include the specification to throw exceptions, so that's not going to work out of the box. The other option would seem to be to generate an HttpServletResponse that can redirect the client, but I can't pull this out of thin air and don't seem to be able to figure out where to make it come from. Suggestions on what direction I should look in? Is this something that should work by writing something simple in the invalidate() method, or do I need to be looking at retooling the API and/or guacamole-ext stuff a little bit to allow this functionality? Thanks - Nick
