Description
CAS Single Sign-Out Issue
When running the CAS login example, there is no issue with logout using the provided sample, but there are issues with custom logout functionality.
Service Information
- CAS Server: https://127.0.0.1:8443/cas
- Client: http://127.0.0.1:8080
- Single Sign-Out URL: https://127.0.0.1:8443/cas/logout
Problem Description
After logging in, when executing `location.href='https://127.0.0.1:8443/cas/logout?service=http%3A%2F%2F127.0.0.1%3A8080'` in the console using the developer tools to log out, it is occasionally observed that the user is not redirected to the CAS server's login page. Upon tracing the code, it is found that the logout operation executing `/login/cas` and redirecting to the service address are handled by two different threads. This results in an inability to guarantee a fixed execution order between the two, and also ensures that the CAS server is fully logged out before redirecting to the service address. This leads to a scenario where, upon redirecting to the service, the user may not be able to be redirected to the CAS server's login page. Due to project requirements, logout may only be performed in this manner, and no better solution can currently be devised.
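The ordering problem reported above can be reproduced in a small model. This is an added example, not code from the issue or from the project: it replays the logout call to `/login/cas` and the browser's redirect to the service as two steps in either order. The class, session id, ticket value and the `/cas/login` URL are assumptions made for illustration.

```python
# Constructed model of the reported ordering problem; not the project's code.
# Assumption: the CAS login page lives at /cas/login on the server from the issue.
CAS_LOGIN = "https://127.0.0.1:8443/cas/login?service=http%3A%2F%2F127.0.0.1%3A8080"


class ClientApp:
    """Hypothetical stand-in for the client at http://127.0.0.1:8080."""

    def __init__(self):
        self.sessions = {}           # session id -> user name
        self.ticket_to_session = {}  # service ticket -> session id

    def login(self, session_id, ticket, user):
        self.sessions[session_id] = user
        self.ticket_to_session[ticket] = session_id

    def back_channel_logout(self, ticket):
        """Logout request hitting /login/cas: drop the session tied to the ticket."""
        session_id = self.ticket_to_session.pop(ticket, None)
        self.sessions.pop(session_id, None)

    def browser_get(self, session_id):
        """Browser arrives at the service URL still carrying its session cookie."""
        if session_id in self.sessions:
            # Local session is still valid, so no redirect to the CAS login page.
            return (200, "app page for " + self.sessions[session_id])
        return (302, CAS_LOGIN)


def simulate(order):
    """Replay the two events in the given order and return the browser's response."""
    app = ClientApp()
    app.login("SESSION-1", "ST-1-constructed", "alice")  # constructed sample values
    response = None
    for step in order:
        if step == "logout":
            app.back_channel_logout("ST-1-constructed")
        elif step == "redirect":
            response = app.browser_get("SESSION-1")
    return response


if __name__ == "__main__":
    print("logout first:  ", simulate(["logout", "redirect"]))
    print("redirect first:", simulate(["redirect", "logout"]))
```

When the redirect is processed first, the client still holds a valid local session and serves the application page, which matches the intermittent behaviour described in the report.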