As an update on this (and thanks to everyone who lent expertise) ...
We *did* have "global logout" enabled in the Blackboard building block for Authentication (CAS), although the URL was a custom one that just redirected the user, it did NOT actually point at the CAS logout page, however their internal code was calling it anyway, apparently due to a bug which they are working on as a level 3 ticket. Disabling "global logout" resolves the issue, a the expense of making the UX if a student clicks :"logout" do nothing for 30 seconds and leave them where they started (it didn't work before either, but at least provided the facade). So if you're encountering this, try turniing that setting off and see how it goes. If anyone needs the internal ticket numbers for reference ping me off-list. Thanks, Michael Holstein CISSP Cleveland State University ________________________________ From: [email protected] <[email protected]> on behalf of Richard Frovarp <[email protected]> Sent: Tuesday, January 30, 2018 6:27:29 PM To: [email protected] Subject: Re: [cas-user] Blackboard Ultra I think that they are. From my recollection that was what came up on the Bb admin list a couple of years ago. You have to specify a logout URL, and it sends the user to it after it kills its own session. People are providing the IdP logout URL, so that kicks it off. My suggestion would be to provide a different logout URL other than the IdP. On 01/30/2018 11:38 AM, Ray Bon wrote: I certainly hope that Bb is not sending a logout request to CAS when 'its' session expires (not user initiated). That would single logout the user out of all services (that participate in SLO) regardless of CAS settings ==> unhappy users & confused administrators. Ray On Tue, 2018-01-30 at 09:42 -0600, Richard Frovarp wrote: Do you have a logout URL configured? Best I know is that when a session expires in Bb, it kills the Bb session, then sends the browser to the IdP logout URL, which would kill your TGT. On 01/30/2018 07:08 AM, Michael O Holstein wrote: We recently moved onto Blackboard's SaaS offering (aka "Ultra") and random users are telling us it times out of them. While I suspect this is an issue of opening the app, letting it sit for 2 hours, and then noticing their session went away (which should re-auth as the TGT is still valid on our end). Anyone else seen this? How'd you fix it? Our TGT/ST lifetimes are as-delivered default. Thanks, Michael Holstein CISSP Mgr. Network & Data Security Cleveland State University -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]<mailto:[email protected]>. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CO2PR0801MB6478C3DA610FAD823AD852283E40%40CO2PR0801MB647.namprd08.prod.outlook.com<https://groups.google.com/a/apereo.org/d/msgid/cas-user/CO2PR0801MB6478C3DA610FAD823AD852283E40%40CO2PR0801MB647.namprd08.prod.outlook.com?utm_medium=email&utm_source=footer>. -- Ray Bon Programmer analyst Development Services, University Systems 2507218831 | CLE 019 | [email protected]<mailto:[email protected]> -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]<mailto:[email protected]>. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/1517333882.1782.42.camel%40uvic.ca<https://groups.google.com/a/apereo.org/d/msgid/cas-user/1517333882.1782.42.camel%40uvic.ca?utm_medium=email&utm_source=footer>. -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]<mailto:[email protected]>. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/c1d401af-137b-a078-60b0-9cf13f95132d%40ndsu.edu<https://groups.google.com/a/apereo.org/d/msgid/cas-user/c1d401af-137b-a078-60b0-9cf13f95132d%40ndsu.edu?utm_medium=email&utm_source=footer>. -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CO2PR0801MB6476107B4400E70C41AD66783FB0%40CO2PR0801MB647.namprd08.prod.outlook.com.
