> I'm wondering if any thought has been given to implement a mechanism for
> clustered CAS client servers to each receive logout requests from the CAS
> server?

It's been discussed repeatedly and there's interest in the feature. Unfortunately, it's a difficult problem for which there is not a single solution that could be leveraged by all clients.

> The ideal solution:
> 1) domain.edu/app1** has been configured to send logout requests to
> server1.domain.edu** and server2.domain.edu**
> 2) User logs into domain.edu/app1
> 3) User logs out
> 4) Logout request is sent to server1.domain.edu and server2.domain.edu

This assumes that the load balanced clients are reachable by the CAS server over some network, which is not unreasonable but certainly not required by a load-balanced setup. What is more likely is some kind of authenticated state shared across all clients such that when one client receives the SAML LogoutRequest message it can destroy the authenticated state, which would be communicated via some means to other clients. For example, if every client performs a state check on every request, it would be recognized on the next request. Obviously such a solution would be client-specific, with each client needing to develop its own shared state storage mechanisms.

M
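The shared-state approach described in the reply above, sketched as an added example that is not part of the original message or of any CAS client library. `SharedSessionStore`, `ClientNode` and the sample logout message are constructed for illustration, and sessions are keyed directly by service ticket as a simplifying assumption.

```python
import xml.etree.ElementTree as ET

SAMLP = "{urn:oasis:names:tc:SAML:2.0:protocol}"

# Constructed sample of the logout message a CAS server POSTs to a client;
# the SessionIndex carries the service ticket issued at login.
SAMPLE_LOGOUT = """<samlp:LogoutRequest
    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="LR-1-constructed" Version="2.0" IssueInstant="2010-01-01T00:00:00Z">
  <saml:NameID>@NOT_USED@</saml:NameID>
  <samlp:SessionIndex>ST-1-constructed-ticket</samlp:SessionIndex>
</samlp:LogoutRequest>"""


class SharedSessionStore:
    """Stand-in for the shared state (database, cache) all nodes can reach."""
    def __init__(self):
        self._by_ticket = {}  # service ticket -> username

    def create(self, ticket, user):
        self._by_ticket[ticket] = user

    def lookup(self, ticket):
        return self._by_ticket.get(ticket)

    def destroy(self, ticket):
        return self._by_ticket.pop(ticket, None) is not None


class ClientNode:
    """One load-balanced instance of the CAS-protected application."""
    def __init__(self, name, store):
        self.name, self.store = name, store

    def handle_logout(self, logout_xml):
        # Only the node the CAS server can reach receives this message.
        index = ET.fromstring(logout_xml).find(SAMLP + "SessionIndex")
        if index is None or not (index.text or "").strip():
            return False  # malformed request: destroy nothing
        return self.store.destroy(index.text.strip())

    def handle_request(self, ticket):
        # State check on every request: no local cache of "logged in".
        user = self.store.lookup(ticket)
        return f"{self.name}: 200 {user}" if user else f"{self.name}: 302 to CAS login"
```

Because no node caches the logged-in state locally, a logout received by one node takes effect on every other node at its next request. A deployed endpoint would also need to confirm that the logout message came from the CAS server before destroying any session.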
