Hi, I am on CAS 6 and noticed the generated SLO request to my SAML client is invalid as it uses the "logoutRequest" request parameter instead of "SAMLRequest":

https://preview.vaadin.com/forum/auth/saml/slo?callback=jQuery36005257602387445194_1708340330512&logoutRequest=%3C%3Fxml+version%3D%221.0%22+encoding%3D%22UTF-8%22%3F%3E%3Csaml2p%3ALogoutRequest+xmlns%3Asaml2p%3D%22urn%3Aoasis%3Anames%3Atc%3ASAML%3A2.0%3Aprotocol%22+Destination%3D%22https%3A%2F%2F[...]

Resending the exact same request via browser but with a changed parameter name (logoutRequest => SAMLRequest) works and I am logged out. This is about IdP-initiated front-channel SLO with HTTP-REDIRECT binding.

I already checked the CAS sources and debugged into the matter:

1) FrontChannelLogoutAction is called as expected
2) As SLO works if I change the parameter name, the actual payload is correctly generated
3) FrontChannelLogoutAction uses new LogoutHttpMessage(r.getLogoutUrl(), logoutMessage.getPayload(), true) that always uses public static final String LOGOUT_REQUEST_PARAMETER = "logoutRequest"; as the request parameter name. I cannot see that formatOutputMessageInternal() is overwritten.

Now, I wonder how to fix that. Or is my client actually wrong and should support the "logoutRequest" parameter, too? Or is there some misconfiguration in my setup?

Cheers,
Paul
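
For comparing captured front-channel logout URLs, the following is an added example (not part of the original post and not CAS code). It reports which query parameter carries the LogoutRequest and how the value is encoded, measured against the SAML 2.0 HTTP-Redirect binding, which sends the message in `SAMLRequest` as DEFLATE-compressed, base64-encoded data. The host `sp.example.org`, the sample message and all function names are constructed for illustration.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlencode, urlsplit

SAMLP_NS = "urn:oasis:names:tc:SAML:2.0:protocol"
MAX_XML_BYTES = 64 * 1024  # cap inflated size; logout messages are small

# Constructed sample message; sp.example.org is a placeholder endpoint.
SAMPLE_XML = ('<?xml version="1.0" encoding="UTF-8"?>'
              '<saml2p:LogoutRequest xmlns:saml2p="%s" ID="_constructed1" '
              'Version="2.0" Destination="https://sp.example.org/saml/slo"/>' % SAMLP_NS)

def build_url(param, xml_text, deflate):
    """Build a constructed logout URL, raw or redirect-binding encoded."""
    value = xml_text
    if deflate:
        comp = zlib.compressobj(wbits=-15)  # raw DEFLATE, no zlib header
        raw = comp.compress(xml_text.encode("utf-8")) + comp.flush()
        value = base64.b64encode(raw).decode("ascii")
    return "https://sp.example.org/saml/slo?" + urlencode({param: value})

def decode_message(value):
    """Return (encoding, xml_text) for a logout parameter value."""
    if value.lstrip().startswith("<"):
        return "raw-xml", value
    inflater = zlib.decompressobj(-15)
    data = inflater.decompress(base64.b64decode(value), MAX_XML_BYTES)
    return "deflate+base64", data.decode("utf-8")

def inspect_slo_url(url):
    """Report which parameter carries the LogoutRequest and how it is encoded."""
    query = parse_qs(urlsplit(url).query)
    for name in ("SAMLRequest", "logoutRequest"):
        if name not in query:
            continue
        encoding, xml_text = decode_message(query[name][0])
        if "<!DOCTYPE" in xml_text:  # SAML messages never need a DTD
            raise ValueError("DOCTYPE not allowed in SAML messages")
        root = ET.fromstring(xml_text.encode("utf-8"))
        return {"parameter": name, "encoding": encoding,
                "is_logout_request": root.tag == "{%s}LogoutRequest" % SAMLP_NS,
                "destination": root.get("Destination"),
                "matches_redirect_binding":
                    name == "SAMLRequest" and encoding == "deflate+base64"}
    return None  # no logout message parameter present

if __name__ == "__main__":
    print(inspect_slo_url(build_url("logoutRequest", SAMPLE_XML, deflate=False)))
    print(inspect_slo_url(build_url("SAMLRequest", SAMPLE_XML, deflate=True)))
```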