Currently, mod_auth_cas has rather limited support for single-sign-out, because it has to consume some of the request body to decide if it is actually a logout request or not.
Is there a reason why the CAS protocol does not make it possible to distinguish a logout request from the request-URI and headers? Max.
signature.asc
Description: OpenPGP digital signature
