We have CAS v6.5.0 deployed to do delegated authentication to a generic OIDC provider.
The configuration also includes the logout URL to the OIDC provider, so that the user is logged out of the OIDC provider on logging out of the application and CAS. On successful authentication, the PAC4j user profile is saved along with the TST ticket in the ticket registry. So, when the user logs out, the user profile tied to the TST ticket is retrieved and the OIDC logout occurs. However, if the TST expires before the user logs out, there is no user profile found for the session, and so OIDC logout never happens in that case. What is the ideal/recommended timeout value for a transient session ticket in a CAS server that is configured to do delegated authentication? Are there any other configurations to store/retrieve the OIDC user profile besides in TST? Appreciate any suggestions on handling this use case. Thanks. -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/64812f0b-0215-431e-b764-1cadb028a07cn%40apereo.org.
