> The approach we took with the .NET CAS Client was to have a Service > Ticket Manager (implemented by an interface) which stores the service > ticket at the web application level after it is validated by the CAS > server.
I think there's something to the kernel of this idea, namely a pluggable storage API for the client authentication token. While I don't think we'd go with a similar interface in the Java client, having a pluggable storage layer for the CAS Assertion might provide a number of benefits including a solution to the clustered single-sign out problem here. We already have memcached and ehcache storage implementations for proxy tickets, so it would be natural to start there for implementations for clustered assertion storage. I'd argue a JPA storage backend would also be beneficial. I'd be interested to hear from the "other" Scott about pluggable storage backends for the assertion. M -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
