Just like anything with cas it should be over ssl but its not required. The default is to post back to the exact request url.
------Original Message------ From: grhwood To: CAS Developer's Mailing List ReplyTo: CAS Developer's Mailing List Subject: Re:[cas-dev] Sign out with CAS behind a SSL off-load server Sent: May 4, 2010 3:59 AM Hi Marvin, I've looked at the SingleSignOutFilter and SingleSignOutHttpSessionListener source code, and i don't see any host name validation. So i guess the CAS server don't have to send the log-off request through the load-balancing server. I have a questtion: Does the log-off request need to be sent by https ? For the advice before, i'll config the httpd server as both forward proxy and reverse proxy for the tomcats behind it to see it this will work :) Thank you. -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-dev Sent from my Verizon Wireless BlackBerry -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-dev
