Hi, we have a CAS Server 3.5.2 and use the Single Sign Out feature, as described in https://wiki.jasig.org/display/CASUM/Single+Sign+Out
The client application is cluster-based (via a load balancer, sticky sessions). As far as I understand the currently available/discussed solutions - see e.g.

https://issues.jasig.org/browse/CASC-142
https://issues.jasig.org/browse/PHPCAS-100
https://github.com/mxbossard/cas-slo-cluster
http://jasig.275507.n4.nabble.com/Single-sign-out-in-a-loadbalancing-environment-td254825.html

- the best practice is to hold the client responsible for correctly managing the logout requests (e.g. by rebroadcasting). Unfortunately, we cannot change the client application; besides, the official Java client solution (CASC-142) is not yet available.

Could there arise potential problems (in particular, security-related) if we modified the CAS Server to distribute the logout requests? E.g. by using a mapping table

myclusteredapp -> myclusteredappnode1, myclusteredappnode2

to distribute a logout request http://myclusteredapp/... to http://myclusteredappnode1/..., http://myclusteredappnode2 ?

Thanks in advance and best regards,
Guido
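
The mapping-table fan-out described in the question, sketched as an added example; it is not part of the original post and is not CAS Server code. The class name LogoutFanOut, the NODES table layout and the sample path are assumptions; only the host names come from the post.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.ArrayList;
import java.util.List;
import java.util.Locale;
import java.util.Map;

public final class LogoutFanOut {
    // Static table taken from the post: cluster host -> node hosts.
    // It is fixed server-side configuration, never derived from a request.
    private static final Map<String, List<String>> NODES = Map.of(
        "myclusteredapp", List.of("myclusteredappnode1", "myclusteredappnode2"));

    /** Returns every URL that should receive the logout request for one service URL. */
    static List<URI> targets(String serviceUrl) throws URISyntaxException {
        URI u = new URI(serviceUrl);
        String scheme = u.getScheme();
        String host = u.getHost();
        // Accept only plain http(s) URLs with a host and no user-info part,
        // so the rewritten URL cannot point anywhere the table does not name.
        if (scheme == null || host == null || u.getUserInfo() != null
                || !(scheme.equalsIgnoreCase("http") || scheme.equalsIgnoreCase("https"))) {
            throw new URISyntaxException(serviceUrl, "not a plain http(s) service URL");
        }
        List<String> nodes = NODES.get(host.toLowerCase(Locale.ROOT));
        if (nodes == null) {
            return List.of(u); // host is not clustered: send to the original URL only
        }
        List<URI> out = new ArrayList<>();
        for (String node : nodes) {
            // Only the host is replaced; scheme, port, path and query are kept.
            out.add(new URI(scheme, null, node, u.getPort(), u.getPath(), u.getQuery(), null));
        }
        return out;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample service URL.
        for (URI t : targets("http://myclusteredapp/app/home?x=1")) {
            System.out.println(t); // one line per node
        }
    }
}
```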
