Setting up CAS Single Logout
CAS (Central Authentication Service) is a web-based single sign-on protocol and a corresponding open source software application through which a user can log in once, using a single ID and password, and gain access to multiple applications during the same session. Portfolio administrators can use CAS authentication to control access to personalized or patron-only features in Portfolio, including the My Account page and the Place Hold action.
Portfolio supports Single Logout (SLO) when using CAS authentication, subject to the CAS service registry configuration. Consequently, clicking Log Out in Portfolio also ends your CAS session. Additionally, ending your CAS session by another means also automatically ends your Portfolio session.
To configure your CAS server for SLO
To use SLO with Portfolio, you must configure the CAS server to send back-channel logout requests to a specific Portfolio endpoint. The endpoint URL—declared using the logoutUrl property—takes the form of https://host/disc/cas/logout where host is the fully qualified domain name for the Portfolio server.
Service configuration example
{
  /*
   * Definition for Portfolio 5.0.1+ instance with SLO enabled.
   */
  "@class" : "org.apereo.cas.services.RegexRegisteredService",
  /* Dots are escaped so that each one matches only a literal "." in the host name */
  "serviceId" : "^https://discovery\\.sirsidynix\\.net/.*",
  "name" : "DSC Instance",
  "logoutType" : "BACK_CHANNEL",
  "logoutUrl" : "https://discovery.sirsidynix.net/disc/cas/logout",
  "id" : 20190901111820, /* Any unique ID number should work */
  "evaluationOrder" : 9999 /* Less than any generic matcher */
}
For more information, please consult the Apereo CAS project documentation, with particular reference to Service Management and Logout and Single Logout (SLO).
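Checks an administrator could run over a service definition before loading it into the CAS service registry, as an added example (not SirsiDynix or Apereo code). The function name, the constructed portfolio.example.org definitions and the rule that logoutUrl should be covered by serviceId are assumptions of this example; Python's re module stands in for the Java regex engine CAS uses.

```python
import re
from urllib.parse import urlsplit

SLO_PATH = "/disc/cas/logout"  # Portfolio SLO endpoint path given on this page


def check_slo_service(definition):
    """Return a list of findings for one service definition (empty = passes)."""
    findings = []
    service_id = definition.get("serviceId", "")
    logout_url = definition.get("logoutUrl", "")
    url = urlsplit(logout_url)
    host = url.hostname or ""

    if definition.get("logoutType") != "BACK_CHANNEL":
        findings.append("logoutType is not BACK_CHANNEL")
    if url.scheme != "https" or not host:
        findings.append("logoutUrl is not an absolute https URL")
    if url.path != SLO_PATH:
        findings.append("logoutUrl path is not " + SLO_PATH)

    try:
        pattern = re.compile(service_id)
    except re.error:
        return findings + ["serviceId is not a valid regular expression"]

    # Assumption of this example: the logout endpoint belongs to the service
    # that serviceId describes, so the pattern should cover it.
    if not pattern.match(logout_url):
        findings.append("logoutUrl is not covered by serviceId")

    # An unescaped "." matches any character. Probe with look-alike hosts in
    # which one dot at a time is swapped for a letter.
    for i, ch in enumerate(host):
        probe = "https://" + host[:i] + "x" + host[i + 1:] + SLO_PATH
        if ch == "." and pattern.match(probe):
            findings.append("serviceId also matches look-alike host (unescaped dot)")
            break
    return findings


# Constructed sample definitions (hypothetical host portfolio.example.org).
GOOD = {"serviceId": r"^https://portfolio\.example\.org/.*",
        "logoutType": "BACK_CHANNEL",
        "logoutUrl": "https://portfolio.example.org/disc/cas/logout"}
WEAK = {"serviceId": "^https://portfolio.example.org/.*",
        "logoutType": "FRONT_CHANNEL",
        "logoutUrl": "http://portfolio.example.org/disc/cas/logout"}

if __name__ == "__main__":
    for name, definition in (("GOOD", GOOD), ("WEAK", WEAK)):
        print(name, check_slo_service(definition) or "no findings")
```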