If CAS is deployed behind a typical HTTP Load Balancer the value of request.getRemoteAddr() often returns the value of the Load Balancer instead of the actual client IP address. This makes the IP Address Login interceptors not function correctly. However, most Load Balancer return the actual client IP in a HTTP header such as X-Forwarded-For. If the IP Address Login Interceptors could read that header instead of getRemoteAddr() the issue would be solved. I'm creating a pull request with a proposed fix for this issue.