Hi, We have a single CAS server, but our *business* applications is clustered & behind a Load Balancer (HAProxy). We were disappointed to learn that single sign *out* fails on such architecture, because when CAS sends the "logout" notification to the application, the notification goes to the Load Balancer which forwards it to a single application (not to all of them).
It's a known issue: https://issues.jasig.org/browse/CAS-742 https://issues.jasig.org/browse/CAS-832 http://comments.gmane.org/gmane.comp.java.jasig.cas.devel/1495 Would anyone please happen to know of patched to the CAS code - either open-source or commercial - that solve this (e.g. implementing the CAS-742 suggestion, to distinguish between "redirect" address and "logout notification" address)? Or do you know of some other easy patch which you use in your application? Frankly I don't understand how CAS can be used so widely without solving such a fundamental problem. In over a decade in IT, most of my applications were load-balanced, and all of them had "logout". It simply doesn't make sense for developers to give up load balancing, or give up "logout".... thanks very much -- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
