[cas-dev] Single sign-out in a loadbalancing environment
Lekhnath Bhusal
lbhusal at d2hawkeye.com
Fri Jan 9 08:29:19 EST 2009
Can't we just use registered service improvement to register all the
machines in the load balancer? While sending the logout request, send the
logout request to multiple URLs (all machines participating in load
balancing for a service) instead of the single URL per service.
Marvin Addison wrote:
> The crux of the problem is that the CAS server itself is making
> back-channel connections to send the sign out request to client
> applications, so there is no possible way for the load balancer to
> correlate user requests with those made by the CAS server. It's hard
> to imagine any solution other than requiring load balanced client
> applications to share/replicate session state. This is a tough
> requirement to impose on client applications, and it indeed surprised
> us as well.
>
> Regards,
> Marvin Addison
> Middleware Services
> Virginia Tech
>
> On Fri, Jan 9, 2009 at 4:55 AM, Roelof Jan Koekoek <roekoe at vpro.nl> wrote:
>
>> Hi,
>>
>> I was looking into the single sign-out feature of the latest CAS
>> client. Our SSO clients are being load-balanced transparently under a
>> single domain. Currently the load-balancer provides sticky sessions.
>> Therefore we don't use session replication over client servers. In a
>> single sign-out scenario the SSO server has no idea which of the
>> client servers provided the client service to a user. Ticket
>> validation appears to be bound to the public outer domain of the
>> services. Is there a known solution to this problem, or do you have
>> any ideas how to get this to work?
>>
>> Best Regards, Roelof Jan
>> _______________________________________________
>> cas-dev mailing list
>> cas-dev at tp.its.yale.edu
>> http://tp.its.yale.edu/mailman/listinfo/cas-dev
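A small model of the problem and of the proposal discussed in this thread, added here as an illustration; it is not code from the thread or from CAS. The class, function and node names and the ticket value are constructed, and the logout body is assumed to follow the SAML LogoutRequest/SessionIndex shape that CAS posts on the back channel.

```python
import itertools
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"

def logout_request(ticket):
    """Constructed back-channel logout body naming the session by its ticket."""
    return (f'<samlp:LogoutRequest xmlns:samlp="{SAMLP}" ID="LR-1" Version="2.0">'
            f'<samlp:SessionIndex>{ticket}</samlp:SessionIndex>'
            '</samlp:LogoutRequest>')

class Node:
    """One load-balanced client server with a purely local session store."""
    def __init__(self, name):
        self.name = name
        self.sessions = {}                  # service ticket -> username

    def login(self, ticket, user):
        self.sessions[ticket] = user

    def handle_logout(self, body):
        """Drop the session named by SessionIndex; True if this node held it."""
        ticket = ET.fromstring(body).findtext(f"{{{SAMLP}}}SessionIndex")
        return self.sessions.pop(ticket, None) is not None

class LoadBalancer:
    """Sticky for browsers (by cookie); round-robin for cookie-less callers."""
    def __init__(self, nodes):
        self.sticky = {}
        self._rr = itertools.cycle(nodes)

    def route(self, cookie=None):
        if cookie is None:
            return next(self._rr)           # the CAS server carries no cookie
        if cookie not in self.sticky:
            self.sticky[cookie] = next(self._rr)
        return self.sticky[cookie]

def logout_via_public_url(lb, ticket):
    """One POST to the service's single public URL, routed by the balancer."""
    return lb.route().handle_logout(logout_request(ticket))

def logout_broadcast(nodes, ticket):
    """The proposal: POST to every registered node, bypassing the balancer."""
    return [n.name for n in nodes if n.handle_logout(logout_request(ticket))]

def surviving_sessions(nodes):
    """Sessions still alive on any node after the logout attempts."""
    return {n.name: dict(n.sessions) for n in nodes if n.sessions}
```

With the single public URL the request reaches the right node only by chance, so the session can outlive the sign-out; the broadcast reaches the owning node regardless of routing.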