I have site A (Drupal) using the cas_server module with site B (Drupal) as a client configured to use site A as the cas server. No matter what I define in site B's redirect options they are not obeyed when logging in and out through site A.

When logging in to site B, site A redirects back to site B but it always points at the page it came from and the login redirect is ignored.

When logging out with the caslogout link on site B I'm always redirected to site A's home page, the logout redirect is always ignored even if it is present in the URL.

Comments

Anonymous’s picture

Apologies, the login destination was "Initial login destination" which does not apply since I was doing it multiple times.

This still applies for the logout destination, however.

Anonymous’s picture

By removing the following from cas_server_logout() I have gotten this working properly:

module_invoke_all('user', 'logout', NULL, $user);

Since that is placed where it is, the following doesn't even seem to show up at all when the logout is performed (the homepage redirect happens first):

  $output = t('<p>You have been logged out successfully</p>');
  if ($_GET['url'])  {
    $output .= '<p>'. l(t('Continue'), $_GET['url']) .'</p>';
  }
  return $output;

Now it does. The only thing doing the actual logging out is the session_destroy();

I am unsure if this will have unintended consequences.

bfroehle’s picture

Title: Using cas_server module on one Drupal site and client on another, login and logout redirects are ignored for client » CAS Server does obey logout redirects
Version: 6.x-3.0 » 6.x-3.x-dev
Component: Code » CAS Server
Status: Active » Needs review
StatusFileSize
new1.21 KB

Reading through the current cas_server_logout() shows that it is quite broken:

(1) It uses $user but never does global $user; to import it.
(2) It does not set $user to the anonymous user.

Attached patch makes cas_server_logout() much more like user_logout() (in the ordering of session destroy, etc).

Not sure if this will solve the issue of the original post. In addition, we should probably convert this text into a theme function which could be overridden.

bfroehle’s picture

We'll need to apply these fixes to 7.x-1.x as well.

bfroehle’s picture

Status: Needs review » Needs work
+++ b/cas_server.moduleundefined
@@ -199,12 +199,21 @@ function _cas_server_save_ticket($uid, $service) {
-  $output = t('<p>You have been logged out successfully</p>');

This will cause warnings later since we are appending to a variable which will not exist.

thecarlhall’s picture

Version: 7.x-1.x-dev » 6.x-3.x-dev
Status: Needs review » Needs work
StatusFileSize
new921 bytes

Attaching an updated patch to #3 for 7.x-1.x that includes 2 other tiny changes/fixes:

  • Use isset when checking for request parameters
  • Ignore exceptions from session_destroy()
bfroehle’s picture

Version: 6.x-3.x-dev » 7.x-1.x-dev
Status: Needs work » Needs review
bfroehle’s picture

Version: 6.x-3.x-dev » 7.x-1.x-dev
Status: Needs work » Needs review
StatusFileSize
new1.37 KB

I intend to commit the attached patch to 7.x-1.x.

bfroehle’s picture

Version: 7.x-1.x-dev » 6.x-3.x-dev
StatusFileSize
new1.52 KB

And the following patch to 6.x-3.x.

bfroehle’s picture

Status: Needs review » Fixed

Committed to 6.x-3.x and 7.x-1.x.

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.

  • Commit 93166db on 7.x-1.x, 8.x-1.x by bfroehle:
    Issue #1169948 by bfroehle, thecarlhall, vilepickle: Fixed CAS Server...