Spring + CAS Redirect to login page after logout


I'm using Spring (3.2.8) + CAS (4.0.0) and I'd like to redirect to the login page after logout (instead of displaying the logout confirmation page).

I tried to add cas.logout.followServiceRedirects=true in my cas.properties but nothing happens.

On the client side, when a user wants to log out, he accesses: APP_URL/j_spring_cas_security_logout

My logout-webflow.xml looks like:

    <flow xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
      xmlns="http://www.springframework.org/schema/webflow"
      xsi:schemaLocation="http://www.springframework.org/schema/webflow http://www.springframework.org/schema/webflow/spring-webflow-2.0.xsd">

    <action-state id="terminateSession">
        <on-entry>
            <evaluate expression="cryptoServerLogoutInterceptor.terminateCryptoSession(flowRequestContext)"/>
        </on-entry>
        <evaluate expression="terminateSessionAction.terminate(flowRequestContext)"/>
        <transition to="doLogout"/>
    </action-state>

    <action-state id="doLogout">
        <evaluate expression="logoutAction"/>
        <transition on="finish" to="finishLogout"/>
        <transition on="front" to="frontLogout"/>
    </action-state>

    <action-state id="frontLogout">
        <evaluate expression="frontChannelLogoutAction"/>
        <transition on="finish" to="finishLogout"/>
        <transition on="redirectApp" to="redirectToFrontApp"/>
    </action-state>

    <view-state id="redirectToFrontApp"
                view="externalRedirect:#{currentEvent.attributes.logoutUrl}&amp;RelayState=#{flowExecutionContext.key}">
        <transition on="next" to="frontLogout"/>
    </view-state>

    <decision-state id="finishLogout">
        <if test="flowScope.logoutRedirectUrl != null" then="redirectView" else="logoutView"/>
    </decision-state>

    <end-state id="redirectView" view="externalRedirect:#{flowScope.logoutRedirectUrl}"/>

    <view-state id="logoutView" view="casLogoutView"/>

    </flow>

On the other hand, when a user accesses the app without being authenticated, he is redirected to: CAS_URL/login?service=APP_URL%2Fj_spring_cas_security_check

So I will probably need to add/keep somewhere: service=APP_URL

Thanks for helping.

EDIT

When I try:

    <end-state id="logoutView" view="flowRedirect:login"/>

I end up with:

This webpage has a redirect loop

ERR_TOO_MANY_REDIRECTS

but it works with:

    <end-state id="logoutView" view="externalRedirect:contextRelative:login"/>

There are 1 best solutions below


As you said, cas.logout.followServiceRedirects=true is not enough, because you should define the service that it should redirect to after logout:

    <bean id="requestSingleLogoutFilter"
        class="org.springframework.security.web.authentication.logout.LogoutFilter">
        <constructor-arg
            value="${cas.server.address}/logout?service=${cas.server.address}" />
        <constructor-arg>
            <bean
                class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler" />
        </constructor-arg>
        <property name="filterProcessesUrl" value="/j_spring_cas_security_logout" />
    </bean>

And you should add this filter to springSecurityFilterChain:

    <sec:filter-chain pattern="/j_spring_cas_security_logout*"
        filters="requestSingleLogoutFilter" />
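
An added example, not code from the answer above or from the CAS or Spring Security projects: when the `service` value on the CAS logout URL is computed at runtime instead of being fixed in configuration, it should be URL-encoded (like the `%2F` in the login redirect quoted in the question) and limited to known application origins, so the post-logout redirect cannot be pointed at an arbitrary site. The class `CasLogoutUrlBuilder`, its methods and the example.org / example.net hosts are hypothetical names chosen for this sketch.

```java
import java.io.UnsupportedEncodingException;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URLEncoder;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;

/** Hypothetical helper; not part of Spring Security or CAS. */
public class CasLogoutUrlBuilder {
    private final String casLogoutUrl;        // assumed form: https://cas.example.org/cas/logout
    private final Set<String> allowedOrigins; // scheme://host[:port] of applications allowed as targets

    public CasLogoutUrlBuilder(String casLogoutUrl, String... allowedOrigins) {
        this.casLogoutUrl = casLogoutUrl;
        this.allowedOrigins = new HashSet<String>(Arrays.asList(allowedOrigins));
    }

    /** CAS logout URL; ?service= is appended only when the target origin is allowed. */
    public String build(String service) throws UnsupportedEncodingException {
        String origin = service == null ? null : originOf(service);
        if (origin == null || !allowedOrigins.contains(origin)) {
            return casLogoutUrl; // no service parameter: CAS shows its own logout page
        }
        return casLogoutUrl + "?service=" + URLEncoder.encode(service, "UTF-8");
    }

    /** scheme://host[:port] of an absolute http(s) URL without userinfo, else null. */
    static String originOf(String url) {
        try {
            URI uri = new URI(url);
            String scheme = uri.getScheme();
            if (scheme == null || uri.getHost() == null || uri.getUserInfo() != null
                    || !(scheme.equalsIgnoreCase("https") || scheme.equalsIgnoreCase("http"))) {
                return null;
            }
            String origin = (scheme + "://" + uri.getHost()).toLowerCase(java.util.Locale.ROOT);
            return uri.getPort() == -1 ? origin : origin + ":" + uri.getPort();
        } catch (URISyntaxException e) {
            return null; // malformed input is treated as not allowed
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values: one allowed application origin, one unknown host.
        CasLogoutUrlBuilder b = new CasLogoutUrlBuilder(
                "https://cas.example.org/cas/logout", "https://app.example.org");
        System.out.println(b.build("https://app.example.org/"));
        System.out.println(b.build("https://elsewhere.example.net/"));
    }
}
```

The origin comparison is exact, so an application reachable on an explicit port has to be listed with that port.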