Central Authentication Service (CAS) Single Logout (SLO) Work Flow
NOTE: Single Logout (SLO) needs CAS Server support.
With Single Logout (SLO), the user is logged out not only from the CAS Server, but also from all visited CAS client applications.
If SLO is supported by the CAS Server, the CAS Server MUST send an HTTP POST request containing a logout XML to all service URLs provided to CAS during this CAS session whenever a Ticket Granting Ticket is explicitly expired by the user (e.g. during logout).
CAS Clients that do not support the SLO POST requests MUST ignore these requests. SLO requests MAY also be initiated by the CAS Server upon TGT idle timeout.
Example Flow of Single Logout (SLO)
XML request body in steps 5 and 7:
<samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    ID="[RANDOM ID]"
    Version="2.0"
    IssueInstant="[CURRENT DATE/TIME]">
  <saml:NameID xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">@NOT_USED@</saml:NameID>
  <samlp:SessionIndex>[SESSION IDENTIFIER]</samlp:SessionIndex>
</samlp:LogoutRequest>
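A sketch of how a CAS client could handle the logout POST described above. This is an added example, not code from the original page or from any CAS client library. It assumes the client keeps a table of local sessions keyed by the session identifier (the hypothetical `sessions` dict) and receives the XML body as a string; the size cap and sample values are constructed.

```python
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
MAX_BODY = 8192  # assumed cap; a real logout request is a few hundred bytes


def parse_logout_request(xml_body):
    """Return the SessionIndex text, or None if the body is not a valid request."""
    # Refuse DTDs/entities and oversized bodies before handing data to the parser.
    if len(xml_body) > MAX_BODY or "<!DOCTYPE" in xml_body or "<!ENTITY" in xml_body:
        return None
    try:
        root = ET.fromstring(xml_body)
    except ET.ParseError:
        return None
    # Only accept the namespaced LogoutRequest element shown in the template.
    if root.tag != f"{{{SAMLP}}}LogoutRequest" or root.get("Version") != "2.0":
        return None
    index = root.findtext(f"{{{SAMLP}}}SessionIndex")
    index = index.strip() if index else ""
    return index or None


def handle_slo_post(xml_body, sessions):
    """End the local session mapped to the SessionIndex; return its id or None.

    `sessions` is a hypothetical dict: session identifier -> local session id.
    Unknown or malformed requests are ignored, so a replay is a no-op.
    """
    index = parse_logout_request(xml_body)
    return sessions.pop(index, None) if index else None


# Constructed sample request that follows the template on this page.
SAMPLE = (
    '<samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'ID="LR-1-example" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">'
    '<saml:NameID xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
    '@NOT_USED@</saml:NameID>'
    '<samlp:SessionIndex>ST-1-example</samlp:SessionIndex>'
    '</samlp:LogoutRequest>'
)

if __name__ == "__main__":
    sessions = {"ST-1-example": "local-abc", "ST-2-example": "local-def"}
    print("ended:", handle_slo_post(SAMPLE, sessions))
    print("still active:", sessions)
```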