-
Notifications
You must be signed in to change notification settings - Fork 391
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Alternate URL for logout requests #434
Comments
Are you looking at the CAS server, or the CAS client/protocol doc? |
I'm a bit confused about what that documentation is really for. Are you suggesting that this is something that needs to be configured on the CAS server and cannot be specified by the application at login time? That would actually make sense. I'll ask the people running the CAS server to see if they can configure it. |
The phpCAS library intercepts logout calls on any URL if it's embedded. At least in a simple setup phpCAS just works out of the box no matter which URL is used. We check every for any logout data. The default for the CAS server is to use the original service URL used during login or you can now manually "override" this on the server side for non-standard CAS client implementations: https://apereo.github.io/cas/6.6.x/installation/Logout-Single-Signout.html#service-endpoint-for-logout-requests There is another ticket that explains a bit how single logout works and how to debug this: #373 |
Thanks for the insight! According to the guys running our CAS server, the custom logout URL is specified by the requesting client, not the server. However, that contradicts what you say and also what the documentation says.
I see. In our case we're now quite confident that this will be at most two different URLs, depending on whether the user was already logged into the SSO, or requested it while not being logged in. So we'll just call Thanks for the help, I will close this for now. |
I have implemented single logout and can receive logout requests just fine. However, the URL invoked for theses logout requests varies, depending on how the login happened. According to the CAS documentation it is possible to set an option
logoutUrl
to define where the logout requests should be submitted to. But I cannot figure out how to set this option using phpCAS. Is this possible?The text was updated successfully, but these errors were encountered: