Allow CAS app to participate in Shibboleth SLO

Question

Allow CAS app to participate in Shibboleth SLO

mzico opened this issue 4 years ago · comments

I tested in 4.1 ( with new 4.1.1 shibb patch ). Seems like SAML SLO is working perfectly but when we are initiating SLO from php app ( phpCAS, in this case ); it's not working.
Seems like CAS ticket ( which is issued by Shibboleth ) is still intact.

I have recorded a screencast which has three machines:

https://test41saml.gluu.org [ my Gluu Server ]
https://samlapp.gluu.org [ a shibboleth SP ]
https://cas.gluu.org [ a cas app, phpCAS ]

Screencast: https://youtu.be/p6_pAu1a5LM

In this screencast, I tried:

Login from SAML app, SSO good.
Logout from SAML app, SSO good.
Login from CAS app, SSO good
Configured CAS app registration ( inside Gluu Server's "cas-protocol.xml.vm" ) so it can participate in Shibboleth SLO
Tried Logout, not working. Session intact.

I am also attaching two logs:

Successful SAML SLO
Not successful CAS SLO.
Note to check: issued ticket "ST-1584455312109-3FzcYp4ojdIw9BYxkAAE8vIHy" is also active in last section.

SAML_CAS_Logout_work_Mar17_2020.zip

Michael Schwartz · Answer 1 · Wed Mar 18 2020 01:27:51 GMT+0800 (China Standard Time)

This should be assigned to Puja Sharma.

mzico · Answer 2 · Wed Mar 18 2020 01:48:29 GMT+0800 (China Standard Time)

Got it, I sent invitation in SAML github group. After confirmation, we can reassign.

mzico · Answer 3 · Wed Mar 18 2020 18:30:05 GMT+0800 (China Standard Time)

Re-adding log files, zip was bad before.

SAML_CAS_Logout_work_Mar17_2020.zip

Djeumen Rolain Bonaventure · Answer 4 · Tue Dec 28 2021 03:44:06 GMT+0800 (China Standard Time)

Just adding a note to self as I'll circle back to this.

This is probably not working because the relying-party.xml.template RP Configuration doesn't contain profile configuration for the CAS protocol. This should be added to allow CAS applications to Participate to Shibboleth SLO