Hi Frederic, I’m still not convinced that this should really be a blocker, nor am I convinced that signing the users out of CAS is the right default behaviour. When you sign into a system using Google authentication and you click `Sign out` in that system, you will be logged out of that system and not Google. CAS authentication in OAE works in a similar way where you will be signed out of OAE but not CAS. I believe many CLE deployments work this way as well.
Having said that, we can probably add a new configuration option that specifies the URL that a user should be sent to when signing out of OAE. In your instance, you could set that to a URL that points to a CAS page that allows them to sign out of CAS altogether. Something like this is definitely a contribution that we’d happily accept. If there’s not enough time to look at this from your side, we might have some time next week to investigate. Hope that helps, Nicolaas On 14 Mar 2014, at 09:46, frederic dooremont <frederic.doorem...@univ-littoral.fr> wrote: > hi all, > > We're almost ready to launch the first phase for hosting a (pilot) OAE in > France. > We acknowledge that the CAS logout does not work at the moment but to be > honest, working this out seems very important for the adoption of OAE in the > French community… Some universities may very well refuse to have their own > tenant before this functionality is available. > Would it be possible to solve this problem? If so, do you have an idea of > when you'd have the time to implement it? > > Kind regards, > Mathide, Jean-François, Timothee, Florent et Frederic > > > > > Le 11 mars 2014 à 19:56, Branden Visser <mrvis...@gmail.com> a écrit : > >> I think CAS offers both the ability to redirect to a URL to >> automatically log out, or a page that notifies the user they have >> logged out of a CAS-enabled application and offers the ability to log >> out of the CAS service as well. >> >> Not sure we would need to implement the former, but I could see a case >> for at least the latter. At time of logout, we would need to know that >> the user originally authenticated through CAS and there would need to >> be a configuration for the redirect URL in the Admin UI. >> >> On Tue, Mar 11, 2014 at 2:44 PM, Nicolaas Matthijs >> <nicolaas.matth...@caret.cam.ac.uk> wrote: >>> I'm not entirely sure if that's even desired behaviour (or possible). When >>> you sign into a 3rd party service using Google, it doesn't sign you out of >>> Google when signing out of the 3rd party service either. >>> >>> Hope that helps, >>> Nicolaas >>> >>> >>> On 11 Mar 2014, at 18:42, Branden Visser <mrvis...@gmail.com> wrote: >>> >>>> Hi Frederic, >>>> >>>> This indicates that the cookie is indeed getting cleared so there is >>>> no issue there. Container logout (i.e., logging out from OAE logs you >>>> out from your CAS server) is not currently implemented. >>>> >>>> Thanks, >>>> Branden >>>> >>>> On Tue, Mar 11, 2014 at 2:36 PM, frederic dooremont >>>> <frederic.doorem...@univ-littoral.fr> wrote: >>>>> >>>>> after the logout i see well Sign in but if i click in this button i have >>>>> already connected without authentification cas >>>>> >>>>> Le 11 mars 2014 à 19:24, Nicolaas Matthijs >>>>> <nicolaas.matth...@caret.cam.ac.uk> a écrit : >>>>> >>>>>> Does /api/me indicate that you're anonymous after logging out? Does the >>>>>> UI correctly show the `Sign in` button? >>>>>> >>>>>> Nicolaas >>>>>> >>>>>> >>>>>> On 11 Mar 2014, at 18:23, frederic dooremont >>>>>> <frederic.doorem...@univ-littoral.fr> wrote: >>>>>> >>>>>>> how to see hat it does in fact remove the OAE session cookie ? >>>>>>> fred >>>>>>> >>>>>>> >>>>>>> Le 11 mars 2014 à 18:46, Branden Visser <mrvis...@gmail.com> a écrit : >>>>>>> >>>>>>>> Hi Frederic, while logout should remove your session cookie, it >>>>>>>> currently does not perform container logout through your CAS server. >>>>>>>> >>>>>>>> Can you confirm that it does in fact remove the OAE session cookie? >>>>>>>> >>>>>>>> Thanks, >>>>>>>> Branden >>>>>>>> >>>>>>>> On Tue, Mar 11, 2014 at 1:02 PM, frederic dooremont >>>>>>>> <frederic.doorem...@univ-littoral.fr> wrote: >>>>>>>>> hi all, >>>>>>>>> I use the cas authentication for a tenant, but it seems that the >>>>>>>>> logout doesn't work. >>>>>>>>> I use with param logout : /logout or /logout?url=oae.tenant.com >>>>>>>>> >>>>>>>>> thanks for your help. >>>>>>>>> king regards >>>>>>>>> fred >>>>>>>>> _______________________________________________ >>>>>>>>> oae-dev mailing list >>>>>>>>> oae-dev@collab.sakaiproject.org >>>>>>>>> http://collab.sakaiproject.org/mailman/listinfo/oae-dev >>>>>>> >>>>>>> _______________________________________________ >>>>>>> oae-dev mailing list >>>>>>> oae-dev@collab.sakaiproject.org >>>>>>> http://collab.sakaiproject.org/mailman/listinfo/oae-dev >>>>>> >>>>> >>> > _______________________________________________ oae-dev mailing list oae-dev@collab.sakaiproject.org http://collab.sakaiproject.org/mailman/listinfo/oae-dev
