Use a browser plugin like SAML Tracer to see what is being sent in the logout 
request.
Also check when and which cookies are being created / sent. If the expired TGC 
is being used, that will create problems.

Expired cookies should be removed by the browser.

Does this behaviour happen in all browsers?

Ray

On Sat, 2024-08-10 at 10:13 -0700, yogesh wrote:
Hi everyone,

I am using CAS 6.6.15 server in delegated authentication with Microsoft Azure 
AD via SAML 2.

I have added the cas-server-support-pac4j-webflow and cas-server-support-pac4j-api 
dependencies to the pom.xml.

Below are the properties I have added to the cas.properties file.

cas.authn.pac4j.saml[0].identity-provider-metadata-path=/etc/cas/saml/idp-metadata.xml
cas.authn.pac4j.saml[0].keystore-password=changeit
cas.authn.pac4j.saml[0].keystore-path=/etc/cas/selfsigned.jks
cas.authn.pac4j.saml[0].private-key-password=changeit
cas.authn.pac4j.saml[0].service-provider-entity-id=https://{cas-server-ip}:8443/cas/samlsp
cas.authn.pac4j.saml[0].service-provider-metadata-path=/etc/cas/saml/samlSpMetadata.xml
cas.authn.pac4j.saml[0].use-name-qualifier=false
cas.authn.pac4j.saml[0].client-name=SAML2Client2776
cas.logout.redirect-url=https://login.microsoft.com/{azure-application-id}/saml2

I have imported the Microsoft Entra ID registered application's Base64-encoded 
certificate into the keystore that I am using and also added the idp-metadata.xml 
path to the cas.properties file.

I am able to log in to the CAS application successfully via delegated 
authentication, but during logout I am facing an issue.
When I click the link on the casSuccessView page, it redirects to the Microsoft 
logout URL mentioned in the property cas.logout.redirect-url but shows the error 
"SAMLRequest or SAMLResponse must be present as query string parameter in HTTP 
request for SAML redirect binding."

In the logs I could see there is one message, something like "No Logout Action is 
triggered".
I also noticed that two TGC cookies are created in the cookies, one of which is 
already in an expired state. Is that causing the issue? If I am not wrong, this 
two-cookie issue is resolved in CAS version 7.

Error Screenshot:
[CAS Error.png]

Thank you in advance.
Please help; we have been stuck with this issue for quite a few months.
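
An added example, not part of the thread: a Python version of the check SAML Tracer performs on a logout redirect, reporting whether the URL carries the SAMLRequest or SAMLResponse parameter named in the error above and which message it decodes to. The hostnames, IDs, sample XML and function names are assumptions constructed for illustration.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import urlencode, urlsplit, parse_qs

SAMLP = "{urn:oasis:names:tc:SAML:2.0:protocol}"
SAML = "{urn:oasis:names:tc:SAML:2.0:assertion}"
MAX_XML = 64 * 1024  # cap on inflated size; a logout message is far smaller


def inspect_logout_redirect(url):
    """Describe the SAML message (if any) carried by a logout redirect URL."""
    params = parse_qs(urlsplit(url).query)
    name = next((p for p in ("SAMLRequest", "SAMLResponse") if p in params), None)
    if name is None:
        # Plain redirect: nothing for the IdP to process under the redirect binding.
        return {"param": None, "message": None, "issuer": None}
    # HTTP-Redirect binding: the value is base64(raw DEFLATE(XML)).
    inflater = zlib.decompressobj(-15)
    xml = inflater.decompress(base64.b64decode(params[name][0]), MAX_XML)
    if inflater.unconsumed_tail or b"<!DOCTYPE" in xml:
        raise ValueError("oversized message or DTD present; refusing to parse")
    root = ET.fromstring(xml)
    issuer = root.findtext(SAML + "Issuer")
    return {"param": name, "message": root.tag.replace(SAMLP, ""), "issuer": issuer}


def encode_for_redirect(xml_text):
    """Build a redirect-binding query value from XML (used for the sample below)."""
    deflater = zlib.compressobj(wbits=-15)
    data = deflater.compress(xml_text.encode()) + deflater.flush()
    return base64.b64encode(data).decode()


# Constructed sample values: hostnames and IDs are placeholders, not from the thread.
SAMPLE_XML = (
    '<samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_constructed1" '
    'Version="2.0" IssueInstant="2024-08-10T17:13:00Z">'
    "<saml:Issuer>https://cas.example.org:8443/cas/samlsp</saml:Issuer>"
    "<saml:NameID>user@example.org</saml:NameID></samlp:LogoutRequest>"
)
IDP = "https://idp.example.org/saml2"
WITH_MESSAGE = IDP + "?" + urlencode({"SAMLRequest": encode_for_redirect(SAMPLE_XML)})
PLAIN_REDIRECT = IDP  # a bare redirect with no SAML message in the query string

if __name__ == "__main__":
    for url in (PLAIN_REDIRECT, WITH_MESSAGE):
        print(inspect_logout_redirect(url))
```

Paste the URL the browser is actually sent to at logout in place of the constructed samples to see which of the two cases applies.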


