Hello, I encounter SLO issue with Azure AD as IDP with CAS 6.1.4. I have a few CAS client applications which must use front channel logout to support SLO. In my testing, if login through the default CAS id/pwd UI, SLO worked as as expected. However, if I use delegated Azure AD as IDP, the logout will just performed the Azure AD logout. In the debug, the frontLogout step in the logout flow was executed. However, the rendered content was not sent back to the browser. I guess it was overwritten by the Azure logout step which is useign the setting of azure.logoutUrl.
I tried to removed below setting, but it had no effect (which I could see now the code just reconstruct it anyway) cas.authn.pac4j.oidc[0].azure.logoutUrl=https://login.microsoftonline.com/39469cf7-e1da-410f-be47-95ee748cdb9c/oauth2/v2.0/logout In our business case, it is actually not desirable to perform the Azure Logout, due to applications SSOed with CAS are viewed as different suit to Office 365 suit. So after sign-out from CAS, we expected to see Office 365 still logged-in. Are there any setting that allows me to skip the azure.logoutUrl and performed the front_channel logout instead? I am using CAS 6.1.4 at this point, but I can use any CAS 6 version if necessary. Appreciated your attention. -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/a236bd91-7ca0-4676-8d0f-170d95621950%40apereo.org.
