Can't we just use registered service improvement to register all the
machine in the load balancer?While sending the log out request send the
logout request to multiple urls ( all machines participating in load
balancing for a service) instead of the single url per service.
Marvin Addison wrote:
The crux of the problem is that the CAS server itself is making
back-channel connections to send the sign out request to client
applications, so there is no possible way for the load balancer to
correlate user requests with those made by the CAS server. It's hard
to imagine any solution other than requiring load balanced client
applications to share/replicate session state. This is a tough
requirement to impose on client applications, and it indeed surprised
us as well.
Regards,
Marvin Addison
Middleware Services
Virginia Tech
On Fri, Jan 9, 2009 at 4:55 AM, Roelof Jan Koekoek <[email protected]> wrote:
Hi,
I was looking into the single sign-out feature of the latest CAS
client. Our SSO clients are being load-balanced transparently under a
single domain. Currently the load-balancer provides sticky sessions.
Therefor we don't use session replication over client servers. In a
single sign-out scenario the SSO server has no idea which of the
client servers provided the client service to a user. Ticket
validation appears to be bound to the public outer domain of the
services. Is there a known solution to this problem, or do you have
any ideas how to get this to work?
Best Regards, Roelof Jan
_______________________________________________
cas-dev mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas-dev
_______________________________________________
cas-dev mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas-dev
PRIVACY NOTICE
This email and any attachments may be confidential and/or privileged. Use of
the information contained in this email by anyone other than the intended
recipient is strictly prohibited. If you have received this email in error,
please notify the sender by replying to this message and delete this email.
_______________________________________________
cas-dev mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas-dev
