I believe we removed the url parameter by design (I'd have to search my email archives to find the exact reason but I believe it was due to the fact that it wasn't run through the Services Management tool so it basically became open)
On Wed, Mar 12, 2014 at 6:47 AM, Jérôme LELEU <lel...@gmail.com> wrote: > Hi, > > I take a look at the source code of the CAS server 4.0: I see the > "service" parameter used ( > https://github.com/Jasig/cas/blob/master/cas-server-webapp-support/src/main/java/org/jasig/cas/web/flow/LogoutAction.java#L75), > though I don't see anywhere the use of the "url" parameter: the > *screen.logout.redirect* property ( > https://github.com/Jasig/cas/blob/master/cas-server-webapp/src/main/resources/messages.properties#L53) > is not used in the logout view, nor anywhere else I search: am I missing > something? > Thanks. > Best regards, > Jérôme > > > > 2014-03-11 22:06 GMT+01:00 Robert Oschwald <robertoschw...@googlemail.com> > : > >> it was an extension added in cas 3.x servers and will be covered in the >> new spec. >> >> Sent while mobile. >> >> > Am 11.03.2014 um 21:59 schrieb "McClenon, Brady" < >> brady.mccle...@oneonta.edu>: >> > >> > It seems to work pre-CAS protocol 3.0.... >> > >> > >> > http://jasig.275507.n4.nabble.com/Redirect-after-logout-td254421.html >> > >> > >> > >> > -----Original Message----- >> > From: Robert Oschwald [mailto:robertoschw...@googlemail.com] >> > Sent: Tuesday, March 11, 2014 4:26 PM >> > To: cas-u...@lists.jasig.org >> > Subject: Re: [cas-user] CAS protocol for logout >> > >> > thats a CAS protocol 3.0 feature which is described here (spec is not >> final released yet) >> > >> > >> https://github.com/Jasig/cas/blob/master/cas-server-protocol/3.0/cas_protocol_3_0.md >> > >> > Sent while mobile. >> > >> >> Am 11.03.2014 um 20:55 schrieb Tom Poage <tfpo...@ucdavis.edu>: >> >> >> >> Hello, >> >> >> >> The CAS protocol for logout says it takes an optional parameter 'url' >> >> as a +/- logout landing page. >> >> >> >> I just noticed on one of our sites the use of >> >> >> >> .../logout?service=... >> >> >> >> I was about to notify the site owners that this violated protocol >> >> (implying it wouldn't do what they thought it did), when I tried it >> >> myself, was logged out, and then redirected to the URL listed in the >> >> 'service' parameter. >> >> >> >> Undocumented feature? Is the protocol page out of date? Something else? >> >> >> >> Cf. http://www.jasig.org/cas/protocol >> >> >> >> Thanks. >> >> Tom. >> >> >> >> -- >> >> You are currently subscribed to cas-u...@lists.jasig.org as: >> >> robertoschw...@googlemail.com To unsubscribe, change settings or >> >> access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user >> > >> > -- >> > You are currently subscribed to cas-u...@lists.jasig.org as: >> brady.mccle...@oneonta.edu To unsubscribe, change settings or access >> archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user >> > >> > >> > -- >> > You are currently subscribed to cas-u...@lists.jasig.org as: >> robertoschw...@googlemail.com >> > To unsubscribe, change settings or access archives, see >> http://www.ja-sig.org/wiki/display/JSG/cas-user >> > >> >> -- >> You are currently subscribed to cas-u...@lists.jasig.org as: >> lel...@gmail.com >> >> To unsubscribe, change settings or access archives, see >> http://www.ja-sig.org/wiki/display/JSG/cas-user >> >> > -- > You are currently subscribed to cas-dev@lists.jasig.org as: > scott.battag...@gmail.com > > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-dev > > -- You are currently subscribed to cas-dev@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-dev
