We considered this... right up until the point where I read that you were advised to disable forgery-protection.
It's easy enough to send a message to the rubyCAS server to invalidate a given ticket - but mostly users only authenticate with rubyCAS once, and from then on deal only with a given client-application. Killing rubyCAS's ticket only comes into play when a user tries to re-authenticate with the rubyCAS server.
I don't have a good solution to this one...
This is one article in a series on Rails single-sign-on with rubyCAS