https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20854 Bug ID: 20854 Summary: Redirect after logout with CAS 3.0 broken Change sponsored?: --- Product: Koha Version: master Hardware: All OS: All Status: NEW Severity: normal Priority: P5 - low Component: Authentication Assignee: koha-bugs@lists.koha-community.org Reporter: katrin.fischer@bsz-bw.de QA Contact: testopia@bugs.koha-community.org CC: dpavlin@rot13.org There has been a change in the parameters for the logout request between CAS 2.0 und CAS 3.0: Redirect URL parameter CAS 2.0: url CAS 3.0: service The CAS module used by Koha officially only support CAS 2.0, so when you logout from a CAS 3.0 server now, the redirect to Koha will be broken. See here: https://github.com/apereo/cas/blob/master/docs/cas-server-documentation/prot... Note: The url parameter defined in the former CAS 2.0 specification is not a valid parameter in CAS 3.0 anymore. CAS Servers MUST ignore given url parameters. A CAS client MAY provide the service parameter as described above, as this ensures the parameter is validated against the registered service URLs when operating in non-open mode. See 2.3.2 for details. We are using the following 'hack' to make the redirect work correctly: C4/Auth_with_cas.pm $uri =~ s/\?logout\.x=1//; # We don't want to keep triggering a logout, if we got here, the borrower is already logged out of Koha - print $query->redirect( $cas->logout_url(url => $uri)); + my $logout_url = $cas->logout_url(url => $uri); + $logout_url =~ s/url/service/; + print $query->redirect( $logout_url ); We won't have time to fix this properly, but wanted to document problem and workaround at least. -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug.