Rails 3.1 does not run rubycas filter on non-matching routes, so single sign out fails

[bryanlarsen]

The problem is that the CAS server sends single sign out requests to the service URL. If you hard code config.rubycas.service_url this isn't a problem, but we don't want to do that for various reasons.

If you don't set the service_url, rubycas-client uses the current URI. However, typically these URI's are only valid for GET, but single sign out notifications are sent as POST. In Rails 3.0 this wasn't a problem, but Rails 3.1 responds with a 404 to the POST before the CAS filter runs.

[bryanlarsen]

I fixed this in my app by doing single sign out in middleware rather than a filter. Please indicate if you want to put this into rubycas-client-rails and I'll clean it up and send a pull request.

https://gist.github.com/2852329

[elspethsoup]

I have started a major rewrite of the whole rubycas client and moving most of the work the filter does to rack middleware is one of the things on the list. This will also make writing clients for other web frameworks much easier.