We have CAS 4.1.5 with cas-mfa for duo auth. If a user accesses a service that uses duo it creates a TGT that stays the same when the same user accesses other services whether they use Duo. When logout occurs all the services get sent a logout request as expected. But, if the user first accesses one or more services that do not use Duo, they use a TGT. Then if they access a service using Duo it generates a new TGT that is used for all services after that point. When logout occurs only the services associated with the later TGT get sent a logout request. The services that were associated with the first TGT do not get sent a logout request. It makes sense somewhat, but we’d like to have all services accessed by the user get the logout requests.
Is there a way to have the original servers be associated with the new TGT? Have others dealt with this, and how? Thanks. Ted Fisher Bowling Green State University -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CY4PR05MB293333DC4FD71179EB319B31C0100%40CY4PR05MB2933.namprd05.prod.outlook.com.
