首先
这是一个已知的bug,或者说官方并未支持cas-client 集群部署。
cas-client通过org.jasig.cas.client.session.SingleSignOutFilter
来实现单点退出。
看看这个主要的类,这里只摘出我们关注的部分。
public final class SingleSignOutHandler {
/** Mapping of token IDs and session IDs to HTTP sessions */
private SessionMappingStorage sessionMappingStorage = new HashMapBackedSessionMappingStorage();
/**
* Process a request regarding the SLO process: record the session or destroy it.
*
* @param request the incoming HTTP request.
* @param response the HTTP response.
* @return if the request should continue to be processed.
*/
public boolean process(final HttpServletRequest request, final HttpServletResponse response) {
if (isTokenRequest(request)) {
logger.trace("Received a token request");
recordSession(request);
return true;
}
if