...

Who has done this

Cal Poly.

Return link at logout and other Logout customization

High level discussion

When sending the user to the CAS logout page, you might want to provide a URL to CAS such that when it paints the logout page it provides users an opportunity to follow a link to someplace interesting. For instance, upon logging out of CAS from your uPortal instance, you might have the CAS logout screen provide a link back from CAS logout to the uPortal guest page. Columbia's WIND takes this further by allowing services to provide customized text to include in the logout UI.

Implementation notes

Yale implemented this by checking for the request parameter "url" in the logout.jsp display logic and displaying a link to the provided URL if the parameter is present.

Who has done this

Yale University. Columbia University.

Renew evaluated client-side

CAS 2.0 offers a request parameter "renew" on service ticket validation. Setting renew=true requires that the ST was issued in the same transaction as that which issued its granting ticket – that is, the user presented primary credentials at the same time as specifying the target for which the ST was issued.

Columbia WIND includes this boolean in the ticket validation response. Doing so enables clients to determine client-side whether to require this of a ST.

...

Suppose a service wishes to allow users to opt into Single Sign On. If this attribute of STs is communicated in the validation response, then the client can examine the authenticated username and whether the ST was issued at the same time as the user presented primary credentials. If the user has opted into SSO, great. If the user has not opted into SSO, but the user presented primary credentials at the time the ST was issued, great. If the user has not opted into SSO but the ticket was issued via SSO, then the service can redirect back to CAS login with renew=true.
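The client-side decision described above, as an added example that is not code from CAS, WIND or this page. The element name `fromPrimaryCredentials`, the opt-in set and the example.edu URLs are assumptions made for illustration; the page does not say how WIND names the flag in its validation response.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlencode

CAS_NS = "http://www.yale.edu/tp/cas"  # CAS 2.0 response namespace
# Hypothetical element name for the flag; the page does not give WIND's.
FRESH_TAG = "fromPrimaryCredentials"


def parse_validation(xml_text):
    """Return (username, fresh) for a success response, None otherwise."""
    root = ET.fromstring(xml_text)
    ok = root.find(f"{{{CAS_NS}}}authenticationSuccess")
    if ok is None:
        return None
    user = (ok.findtext(f"{{{CAS_NS}}}user") or "").strip()
    if not user:
        return None
    # Fail closed: a missing or malformed flag counts as an SSO-issued ticket.
    flag = (ok.findtext(f"{{{CAS_NS}}}{FRESH_TAG}") or "").strip().lower()
    return user, flag == "true"


def decide(xml_text, sso_opt_in, cas_login, service):
    """Return ("accept", user), ("redirect", url) or ("reject", None)."""
    parsed = parse_validation(xml_text)
    if parsed is None:
        return ("reject", None)
    user, fresh = parsed
    if user in sso_opt_in or fresh:
        return ("accept", user)
    # Not opted in and the ST came from SSO: force primary credentials.
    query = urlencode({"service": service, "renew": "true"})
    return ("redirect", f"{cas_login}?{query}")


def sample_response(user, fresh=None):
    """Constructed validation response for the demo (not captured traffic)."""
    flag = "" if fresh is None else (
        f"<cas:{FRESH_TAG}>{str(fresh).lower()}</cas:{FRESH_TAG}>")
    return (f'<cas:serviceResponse xmlns:cas="{CAS_NS}">'
            f"<cas:authenticationSuccess><cas:user>{user}</cas:user>{flag}"
            "</cas:authenticationSuccess></cas:serviceResponse>")


if __name__ == "__main__":
    LOGIN, SVC = "https://cas.example.edu/login", "https://app.example.edu/"
    for user, fresh in [("alice", False), ("bob", True), ("bob", False)]:
        print(user, fresh, decide(sample_response(user, fresh), {"alice"}, LOGIN, SVC))
```

A response that omits the flag is handled like an SSO-issued ticket, so a user who has not opted in is sent back through login with renew=true rather than accepted.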

Who has done this