Central Authentication Service (CAS) Single Logout (SLO) Work Flow
SLO Overview
NOTE: Single Logout (SLO) need CAS Server support.
With Single Logout (SLO), user gets logged out not only from the CAS Server, but also from all visited CAS client applications.
django-cas-ng proudly support SLO since release 3.5.0. The implementation is part of python-cas .
Technical Detail
If SLO is supported by the CAS Server, the CAS Server MUST send a HTTP POST request containing a logout XML to all service URLs provided to CAS during this CAS session whenever a Ticket Granting Ticket is explicitly expired by the user (e.g. during logout).
CAS Clients that do not support the SLO POST requests MUST ignore these requests. SLO requests MAY also be initiated by the CAS Server upon TGT idle timeout.
Example Flow of Single Logout (SLO)
XML request body in step 5 and 7:
<samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
ID="[RANDOM ID]" Version="2.0" IssueInstant="[CURRENT DATE/TIME]">
<saml:NameID xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
@NOT_USED@
</saml:NameID>
<samlp:SessionIndex>[SESSION IDENTIFIER]</samlp:SessionIndex>
</samlp:LogoutRequest>
Reference
OmniLock - Block / Hide App on iOS
Block distractive apps from appearing on the Home Screen and App Library, enhance your focus and reduce screen time.
DNS Firewall for iOS and Mac OS
Encrypted your DNS to protect your privacy and firewall to block phishing, malicious domains, block ads in all browsers and apps