In detail, we ran into a sign-out problem when the business application is clustered behind a load balancer: http://comments.gmane.org/gmane.comp.java.jasig.cas.devel/1495
Note we will ship rudimentary support for front-channel single sign-out in CAS 4: https://issues.jasig.org/browse/CAS-1292
My code changes are: 1) When business machine validations a ServiceTicket (Cas20ProxyReceivingTicketValidationFilter) it send an extra custom parameter, representing the internal IP of this business machine
2) When CAS server receives such validation request, it keeps track of this internal IP (in some datastructre that associates it with the Service Ticket)
3) When logout occurs, a notification is send to those registered IPs (in CAS HttpClient)
Sounds reasonable. Keep in mind that you will get hostname verification failures sending requests to https endpoints by IP address without special handling. M -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
