Hi,

Thanks - unfortunately my management forbids shared state for now, but it will 
be re-considered in a few months when our architecture matures.
But a million thanks for your willingness to dig up & share this code, it's 
deeply appreciated.


As per your remark - please note https://issues.jasig.org/browse/CAS-742
*could* help with sign out behind a load-balancer, provided CAS can access
internal node addresses (not through the load-balancer).
It boils down to allowing business applications to add parameters when
redirecting to CAS login, then extending SimpleWebApplicationServiceImpl to
store those parameters.
For example: 
https://server/cas/login?service=myInternalAddress&redirectTo=myExternalAddress
Now:
If "SimpleWebApplicationServiceImpl" could record this extra data, it could be 
used so that "myInternalAddress" (=internal node address behind the LB) can be 
used for Service Ticket validation + logout notifications, while 
"myExternalAddress" can be used only when redirecting the user back to the 
application on successful login.

I did a very rudimentary POC which worked, but it's not mature enough for 
contribution:
1) It didn't consider proxy callbacks, SAML, Google Accounts and various other 
features (we have just plain HTTP requests)
2) It's hard to change the instantiation of SimpleWebApplicationServiceImpl:
it's not instantiated only through the Factory method (createServiceFrom) but
also from some direct constructor invocations
3) One might also want to encrypt/obscure the "internalAddress" param, if they 
don't want to expose their internal architecture

In any case, thanks again for taking the time to reply, it's really appreciated 
:)
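
A sketch of the two-address scheme described above, with the internal address sealed as point 3 suggests; it is an added illustration, not part of the original e-mail and not CAS code. The class name DualAddressService, the AES key shared between CAS and the application nodes, the host allowlists and the sample addresses are all assumptions.

```java
import java.net.URI;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.*;
import javax.crypto.*;
import javax.crypto.spec.GCMParameterSpec;

/** Hypothetical holder for the two addresses; not a CAS class. */
public final class DualAddressService {
    final URI backChannel;     // internal node: ticket validation + logout notifications
    final URI browserRedirect; // external (load-balancer) address: post-login redirect only
    private DualAddressService(URI in, URI ex) { backChannel = in; browserRedirect = ex; }

    /** Application side: AES-GCM seals the internal URL so it is opaque in the browser. */
    static String seal(String internalUrl, SecretKey key) throws GeneralSecurityException {
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, iv));
        byte[] ct = c.doFinal(internalUrl.getBytes(StandardCharsets.UTF_8));
        byte[] blob = ByteBuffer.allocate(iv.length + ct.length).put(iv).put(ct).array();
        return Base64.getUrlEncoder().withoutPadding().encodeToString(blob);
    }

    /** CAS side: unseal "service" (a tampered value fails the GCM tag), then allowlist both hosts. */
    static DualAddressService from(String service, String redirectTo, SecretKey key,
            Set<String> internalHosts, Set<String> externalHosts) throws GeneralSecurityException {
        byte[] blob = Base64.getUrlDecoder().decode(service);
        if (blob.length < 28) throw new GeneralSecurityException("service value too short"); // 12 IV + 16 tag
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(128, blob, 0, 12));
        URI in = URI.create(new String(c.doFinal(blob, 12, blob.length - 12), StandardCharsets.UTF_8));
        URI ex = URI.create(redirectTo);
        if (in.getHost() == null || !internalHosts.contains(in.getHost()))
            throw new IllegalArgumentException("unknown internal node");
        if (!"https".equals(ex.getScheme()) || ex.getHost() == null || !externalHosts.contains(ex.getHost()))
            throw new IllegalArgumentException("unregistered redirect target");
        return new DualAddressService(in, ex);
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128); // constructed key; assumed to be shared by CAS and the application nodes
        SecretKey key = kg.generateKey();
        String service = seal("http://node1.internal.example:8080/app", key); // constructed addresses
        DualAddressService s = from(service, "https://app.example/app", key,
                Set.of("node1.internal.example"), Set.of("app.example"));
        System.out.println(s.backChannel + " | " + s.browserRedirect);
    }
}
```

Checking both hosts against allowlists matters here because the login request would otherwise let any caller choose where CAS sends back-channel requests and where it redirects the browser.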





----- Original Message -----
From: Marvin Addison <marvin.addi...@gmail.com>
To: cas-user@lists.jasig.org
Cc: 
Sent: Monday, December 10, 2012 4:26 PM
Subject: Re: [cas-user] Single Sign Out - and load balancer

> But please note solutions were already outlined:
> https://issues.jasig.org/browse/CAS-742

That issue in no way addresses single sign-out matters when the client
is clustered/load balanced.

> http://comments.gmane.org/gmane.comp.java.jasig.cas.devel/1495

That is a good reference. The patch I offered took the strategy of
sharing state across all client nodes. I think rebroadcasting is more
work and has more potential points of failure.

I thought I'd lost the patch, but it's actually attached to
https://issues.jasig.org/browse/CASC-114. I was perhaps a little
bashful at the time and didn't push it, but if we want to revisit the
issue now I'm perfectly happy to reignite the discussion.

> 4) Bottom line, I felt it's not delayed due to lack of contributors.

Disagree. I implemented and tested a solution and there was lackluster
interest and it withered on the vine. It takes more than a patch to
bring a feature of this scope into the product. There's a place for
code review, testing, and folks that simply offer words of support.
I'm sure there's a role for you in that list somewhere.

M

-- 
You are currently subscribed to cas-user@lists.jasig.org as: solmy...@yahoo.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

