Hi everyone! I was attempting to upgrade my CAS version from v6.3 to v6.4 (and afterwards to v6.5), when I saw a strange behavior in CAS.
Let me explain. I had configured some apps on my CAS through the SAML2 protocol using CAS as IDP; one of them is Microsoft. I followed this guide some months ago for the integration and it worked fine: https://apereo.github.io/2018/12/06/cas53-office365-saml2-integration/

Microsoft currently has an issue in their SLO request, in that they don't send their SLO request signed. This issue causes CAS to reject the Microsoft SLO request. Therefore the CAS session remains active. That was the standard and logical CAS behavior in v6.3 and previous versions (nice).

*Since v6.4 I can see that when CAS rejects the Microsoft SLO request, CAS performs logout operations for the current TGT ticket booth. As a result, when I open a new browser tab, the SSO has finished and CAS shows me the login form again. Why is this? If CAS rejects the SLO request, why is it destroying the current ticket and finishing the SSO session?*

*These are my cas logs:*

2022-05-16 19:00:07,351 WARN [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler] - <Message Handler: Simple signature validation (with no request-derived credentials) failed>
2022-05-16 19:00:07,351 WARN [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler] - <Message Handler: Validation of request simple signature failed for context issuer: urn:federation:MicrosoftOnline>
2022-05-16 19:00:07,379 INFO [org.apereo.cas.logout.DefaultLogoutManager] - <Performing logout operations for [TGT-5-*****L9LLex6PrA-escritorio-cas]>
2022-05-16 19:00:07,393 INFO [org.apereo.cas.logout.DefaultLogoutManager] - <[2] logout requests were processed>
2022-05-16 19:00:07,410 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: empleado1demo
WHAT: TGT-5-*****L9LLex6PrA-escritorio-cas
ACTION: TICKET_DESTROYED
APPLICATION: CAS
WHEN: Mon May 16 19:00:07 CEST 2022
CLIENT IP ADDRESS: 127.0.0.1
SERVER IP ADDRESS: 127.0.0.1
=============================================================

I attempted to update CAS to v6.5 to see whether CAS works like v6.3 in this version, but it seems not.

I attach some screenshots. One of them is the Microsoft SLO request (rejected by CAS as you can see in the previous logs), and the second one is a login request (at that point CAS should have an active SSO session).

Thanks so much for your support. I hope to find a solution for this.
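
To find other occurrences of the pattern reported above in a CAS log, the following correlation flags a DefaultLogoutManager logout that follows a failed SAML simple-signature validation within a short window. It is an added example, not part of the original post or of CAS itself; the function names, the 5-second window and the sample lines (modeled on the log excerpt above, with constructed ticket ids) are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample, modeled on the log excerpt in the post (ticket ids are made up).
SAMPLE_LOG = """\
2022-05-16 19:00:07,351 WARN [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler] - <Message Handler: Validation of request simple signature failed for context issuer: urn:federation:MicrosoftOnline>
2022-05-16 19:00:07,379 INFO [org.apereo.cas.logout.DefaultLogoutManager] - <Performing logout operations for [TGT-5-EXAMPLE-cas]>
2022-05-16 19:10:00,000 INFO [org.apereo.cas.logout.DefaultLogoutManager] - <Performing logout operations for [TGT-6-EXAMPLE-cas]>
"""

LINE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3}) (\w+)\s+\[([\w.$]+)\] - <(.*)>\s*$")
SIG_FAIL = re.compile(r"simple signature failed for context issuer: (\S+)")
LOGOUT = re.compile(r"Performing logout operations for \[([^\]]+)\]")


def parse(text):
    """Yield (timestamp, logger, message) for each well-formed line; skip the rest."""
    for raw in text.splitlines():
        m = LINE.match(raw)
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S,%f")
            yield ts, m.group(3), m.group(4)


def logouts_after_rejected_slo(text, window=timedelta(seconds=5)):
    """Return (issuer, ticket, delay) for logouts within `window` of a signature failure.

    Correlation is by time only: the log lines shown carry no request id,
    so on a busy server a hit is a lead to investigate, not proof.
    """
    findings, last_fail = [], None
    for ts, logger, msg in parse(text):
        fail = SIG_FAIL.search(msg)
        if fail and logger.endswith("BaseSAMLSimpleSignatureSecurityHandler"):
            last_fail = (ts, fail.group(1))
            continue
        out = LOGOUT.search(msg)
        if out and logger.endswith("DefaultLogoutManager") and last_fail:
            delay = ts - last_fail[0]
            if timedelta(0) <= delay <= window:
                findings.append((last_fail[1], out.group(1), delay))
    return findings


if __name__ == "__main__":
    for issuer, ticket, delay in logouts_after_rejected_slo(SAMPLE_LOG):
        print(f"{ticket} logged out {delay.total_seconds():.3f}s after rejected request from {issuer}")
```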