> The issue also depends on whether you're clustering sessions or not. We were under the very mistaken assumption that all that was necessary to get single sign-out working in a clustered environment was to use clustered session storage. How wrong we were. We're using JBossCache-backed sessions on one of our J2EE webapps running on JBoss and single sign-out doesn't work.
> In theory if you're clustering sessions, there's less work to do... > You merely need to make the map between session id and ST distributed. I think it's straightforward, but much needed work that needs to exist in the near term. I think a generic facility for assertion storage (AssertionStorage interface) that maintains that mapping is needed. This would be analogous to the TicketRegistry facility in the server. Most of the existing session-backed code could be easily reworked, and cluster-aware storage backends including JBossCache and JPA could be provided with the distribution in the future. I've created https://issues.jasig.org/browse/CASC-114 to help track this feature. M -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
