
Single Logout with CAS


I have an environment with a CAS server and some Java clients. I'm facing a problem with single logout across all clients: the client redirects to the path /cas/logout and only this session is logged out. The ticket inside the CASTGC cookie is cleaned up, but the user can still access the other applications; however, when the client tries to access the application from which the user was redirected to /cas/logout, the CAS server asks for the user's credentials.

From what I saw, a request to /cas/logout works like a chain, where the CAS server signs out one by one.

Obviously it is a configuration problem, but I'm not able to find it.

Important: When a user makes a request to cas/logout, two cookies are deleted, CASTGC and CASPRIVACY.


Solution

  • Indeed, the CAS server should send logout requests to all applications the user has accessed when you call /cas/logout, in addition to the deletion of its own cookies (CASTGC and CASPRIVACY). The property managing that is: https://github.com/Jasig/cas/blob/master/cas-server-webapp/src/main/webapp/WEB-INF/cas.properties#L75...
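
The logout request the answer describes, seen from the receiving application, as an added example that is not part of the original answer or of the CAS code base. It assumes the message format of the CAS protocol: a form parameter `logoutRequest` carrying a SAML `LogoutRequest` whose `SessionIndex` is the service ticket issued to that application. The class name, the ticket-to-session map and the sample values are hypothetical and constructed for illustration.

```java
import java.io.StringReader;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.NodeList;
import org.xml.sax.InputSource;

public class SloDemo {
    static final String SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol";
    // Service ticket -> local session id; filled when the application validates a ticket.
    static final Map<String, String> sessionsByTicket = new ConcurrentHashMap<>();

    /** Returns the SessionIndex (service ticket), or null if the body is not a usable LogoutRequest. */
    static String sessionIndex(String logoutRequest) {
        try {
            DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
            f.setNamespaceAware(true);
            // The body arrives unauthenticated over HTTP: refuse DTDs so it cannot carry entities.
            f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
            f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
            Document d = f.newDocumentBuilder().parse(new InputSource(new StringReader(logoutRequest)));
            if (!SAMLP.equals(d.getDocumentElement().getNamespaceURI())
                    || !"LogoutRequest".equals(d.getDocumentElement().getLocalName())) return null;
            NodeList n = d.getElementsByTagNameNS(SAMLP, "SessionIndex");
            if (n.getLength() != 1) return null;
            String ticket = n.item(0).getTextContent().trim();
            return ticket.isEmpty() ? null : ticket;
        } catch (Exception e) {
            return null; // malformed or DTD-bearing input is rejected
        }
    }

    /** Drops the local session tied to the ticket; returns its id, or null if none was found. */
    static String handleLogout(String logoutRequest) {
        String ticket = sessionIndex(logoutRequest);
        return ticket == null ? null : sessionsByTicket.remove(ticket);
    }

    public static void main(String[] args) {
        sessionsByTicket.put("ST-1-constructed", "JSESSION-A"); // constructed sample mapping
        String body = "<samlp:LogoutRequest xmlns:samlp=\"" + SAMLP + "\" ID=\"LR-1\" Version=\"2.0\">"
            + "<saml:NameID xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\">@NOT_USED@</saml:NameID>"
            + "<samlp:SessionIndex>ST-1-constructed</samlp:SessionIndex></samlp:LogoutRequest>";
        System.out.println(handleLogout(body));                // session to invalidate
        System.out.println(handleLogout(body));                // replayed request finds nothing
        System.out.println(handleLogout("<!DOCTYPE x><x/>"));  // DTD-bearing body is rejected
    }
}
```

An application that never receives this POST, or receives it but has no ticket-to-session mapping to look up, keeps its local session alive, which matches the symptom in the question.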