I thought we had an open issue to eventually do an implementation that is clustered. Apparently, my memory of JIRA issues is failing me lately.
We should create one to at least track this. I know there's been some discussion on list about it before. Cheers, Scott On Tue, May 4, 2010 at 9:18 AM, Marvin Addison <[email protected]>wrote: > I need to correct the claims in my previous message. I thought we'd > confirmed this working, but was mistaken. > > > We have done this. > > And it doesn't work. > > > We have hardware load balancers for our > > implementation, but it was as simple as enabling session replication > > in our servlet container (JBoss 5.1). When any node received the SAML > > logout request, it propagated the dead session to the other nodes. > > Nope. Doesn't work. The CAS Assertion that tracks authenticated > state is replicated, sure enough. But the mapping of ticket to > Assertion is _not_ replicated. The default implementation is a static > HashMap, which obviously only exists on the node to which the client > was bound. If the SAML LogoutRequest hits the other node, it simply > ignores it because it can't find the Session matching the given > service ticket. Clearly an alternate SessionStorage implementation is > needed to handle this case; for example, one that uses JBossCache. > > I apologize for jumping the gun on this; I simply miscommunicated with > the other folks working on confirming clustered single sign-out. > > M > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-dev > > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-dev
