Hi, I am trying to implement delegated authentication to Microsoft Entra (AAD) with SAML2. Currently I have successfully implemented login from SP -> CAS -> Entra. However, I am encountering issues with logout.
SP uses SAML to communicate with CAS, and CAS uses SAML to communicate with Entra. When I initiate logout from SP, it will POST /idp/profile/SAML2/POST/SLO with a LogoutRequest to CAS. CAS will then handle the request and send a LogoutRequest to Entra. However, the issue I'm having is that the end page ends at {cas}/logout?service=. It does not redirect back to the SP's callback. Is there any way I can redirect back to the SP's callback?

config:
cas.authn.saml-idp.core.entity-id=https://{cas}/idp
cas.authn.saml-idp.metadata.file-system.location=file:/etc/cas/saml/saml-idp
cas.authn.pac4j.saml[0].client-name=entra
cas.authn.pac4j.saml[0].service-provider-entity-id=https://{cas}/cas
cas.authn.pac4j.saml[0].destination-binding=urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
cas.authn.pac4j.saml[0].keystore-path={keystore}
cas.authn.pac4j.saml[0].keystore-password=changeit
cas.authn.pac4j.saml[0].private-key-password=changeit
cas.authn.pac4j.saml[0].metadata.identity-provider-metadata-path={entra-metdata}
cas.authn.pac4j.saml[0].metadata.service-provider.file-system.location={cas-sp-metadata}
cas.authn.pac4j.saml[0].wants-responses-signed=true
cas.authn.pac4j.saml[0].use-name-qualifier=false
cas.authn.pac4j.saml[0].sign-service-provider-logout-request=true