[cas-user] Re: Logout workflow with Delegated Auth
I have the same issue, delegated CAS to other idp used pac4j, login is fine,but when logout, the Userprofile's information is gone, no nameid,so the IDP return error, SLO cannot accomplished 在 2019年7月4日星期四 UTC+8下午7:16:17,Julien Gribonvald写道: > > Hi, > > I can't find in documentation how the logout should work with delegated > Authentification (from pac4j module as example). > > I'm looking on the workflow when the global logout is initiated from the > CAS (or from a service to the CAS), is there a way to propagate it to > the IDP which the user connected ? I can't have this working with a SAML > IDP whereas metadatas have the SLOLogout url information provided. > > Also is it working when the logout request come from the SAML IDP ? > > How this should work, what are the requirements ? I'm using the CAS V6 > master branch. > > Thanks, > > -- > Julien Gribonvald > -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/898ec624-c3eb-4d16-9d48-d7b124fb5537%40apereo.org.
[cas-user] Re: Logout workflow with Delegated Auth
After more debuging on this problem it seems that the session can't be retrieved whereas all element where saved in the session store. The requestContext doesn't contains any session at the logout process (event if the action is called before the terminateSessionState and so only a new session is available. But cookies are again available ! Where is the problem ? the webflow can't provide a session is there some configuration needed ? Thanks Le jeudi 4 juillet 2019 14:29:47 UTC+2, Julien Gribonvald a écrit : > > To add some informations from my previous message: > - from CAS I have this log : > DEBUG > [org.apereo.cas.web.flow.DelegatedAuthenticationSAML2ClientLogoutAction] - > logout action will be executed.> > > after debugging into the code to find if a client is a SAML2Client a > profile should be provisionned, but it's not the case so it returns each > time a null client. > > What is missing here ? should a profile be provisionned and how in this > case ? Or there is a problem with a wrong check ? > > I could fix that but let me know what is to good way to do. > Thansk > > > Le jeudi 4 juillet 2019 13:16:17 UTC+2, Julien Gribonvald a écrit : >> >> Hi, >> >> I can't find in documentation how the logout should work with delegated >> Authentification (from pac4j module as example). >> >> I'm looking on the workflow when the global logout is initiated from the >> CAS (or from a service to the CAS), is there a way to propagate it to >> the IDP which the user connected ? I can't have this working with a SAML >> IDP whereas metadatas have the SLOLogout url information provided. >> >> Also is it working when the logout request come from the SAML IDP ? >> >> How this should work, what are the requirements ? I'm using the CAS V6 >> master branch. >> >> Thanks, >> >> -- >> Julien Gribonvald >> > -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/c1b91b16-da4c-4510-8c96-329243e28151%40apereo.org.
[cas-user] Re: Logout workflow with Delegated Auth
To add some informations from my previous message: - from CAS I have this log : DEBUG [org.apereo.cas.web.flow.DelegatedAuthenticationSAML2ClientLogoutAction] - after debugging into the code to find if a client is a SAML2Client a profile should be provisionned, but it's not the case so it returns each time a null client. What is missing here ? should a profile be provisionned and how in this case ? Or there is a problem with a wrong check ? I could fix that but let me know what is to good way to do. Thansk Le jeudi 4 juillet 2019 13:16:17 UTC+2, Julien Gribonvald a écrit : > > Hi, > > I can't find in documentation how the logout should work with delegated > Authentification (from pac4j module as example). > > I'm looking on the workflow when the global logout is initiated from the > CAS (or from a service to the CAS), is there a way to propagate it to > the IDP which the user connected ? I can't have this working with a SAML > IDP whereas metadatas have the SLOLogout url information provided. > > Also is it working when the logout request come from the SAML IDP ? > > How this should work, what are the requirements ? I'm using the CAS V6 > master branch. > > Thanks, > > -- > Julien Gribonvald > -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/957dcddb-6704-42bc-8099-4e992fc6152c%40apereo.org.
