...
Some CAS adoptors, notably the Campus Crusade for Christ, have added a Single Sign Out feature whereby CAS Server calls back client applications for which it validated tickets during the CAS session when the user explicitly logs out of CAS.
...
This feature might best be specified as a well-defined but optional extension to the CAS protocol. At ticket validation time, the CAS client can specify the URL whereat it would like to be called back with the ticket it is validating, indicating that the user has logged out of CAS. If the CAS server supports the feature, the validation response would include confirmation of the registered logout callback URL. CAS clients not supporting the feature will not specify a logout callback and so will receive an unmodified validation response. CAS clients supporting the protocol interacting with CAS servers which do not support the protocl will not receive callback confirmation in the validation response and so will not expect the logout callback. Clients will have to be prepared to deal with the callback not happening anyway since this affirmative callback might be blocked by network difficulties, etc. CAS clients supporting the protocol interacting with CAS servers supporting the protocol will receive confirmation in the validation response indicating that they can expect the server to attempt the callback. Again, the callback could fail due to network problems, the client application being out of service at the time of the callback, etc.
Who has done this
Campus Crusade for Christ distributes a CAS server modified to implement this feature.
Audit Trail
Who has done this
Return link at logout
...
Implemented by Yale as checking for the request parameter "url" in the logout.jsp display logic, displaying a link to the provided URL if the parameter is present.
Who has done this
Yale University.
Renew evaluated client-side
...