Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Logout action #48

Open
pencil opened this issue Dec 4, 2012 · 5 comments
Open

Logout action #48

pencil opened this issue Dec 4, 2012 · 5 comments

Comments

@pencil
Copy link

pencil commented Dec 4, 2012

Implement a logout handler which deletes the local CAS session and redirects to the global CAS logout page.

@calmyournerves
Copy link

👍

@ikogan
Copy link

ikogan commented Dec 11, 2015

I've implemented this functionality in https://github.com/ikogan/mod_auth_cas/tree/v1.1. It isn't very well tested yet though. I have a PR open here dhawes#5 which we'll hopefully get merged all the way down to here at some point.

There's some RPMs available as well: https://github.com/ikogan/mod_auth_cas/releases/tag/v1.1.1.

@ruckc
Copy link

ruckc commented Jan 30, 2020

It would be beneficial to get a logout endpoint that just destroy's the server's session, as javascript can't see the MOD_AUTH_CAS_S cookie when HttpOnly is set, and when the apache tries to delete the cookie with Set-Cookie, mod_auth_cas get's confused and overwrites the Location header with a redirect to /cas/login?service=https://example.com/api/logout. Even putting the /api/logout behind a <Location /api/logout>CASGateway On</Location> it seems to trigger the Location header modification.

@dhawes
Copy link
Contributor

dhawes commented Feb 4, 2020

This is an overly simplistic implementation that expires the cookie and redirects:

https://github.com/dhawes/mod_auth_cas/tree/cas-logout-tests

<Location /logout>
    CASLogout On
</Location>

Is this the basic functionality that people want?

GitHub
An Apache 2.0/2.2 compliant module that supports the CASv1 and CASv2 protocols. - dhawes/mod_auth_cas

@ruckc
Copy link

ruckc commented Feb 8, 2020

Yes, that is the basic functionality. I ended up getting it working with server side code using set-cookie to delete the user's cookie in the browser. Though killing the session in mod_auth_cas ensures it can't be resumed though cookies leaking out of the browser somehow.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

5 participants