> I thought we had an open issue to eventually do an implementation that is > clustered.
Our recent experience with this has provided an opportunity to consider this some. While I'm fairly confident a cluster-aware SessionStorage impl would be straightforward, it seems like you'd then have to deal with two different clustering issues: clustered session storage and the store for the session storage. I think it would make more sense to abstract Assertion storage with an interface, AssertionStorage, and simply have CRUD methods on it which would be called by the AuthenticationFilter, validation filters, and SingleSignOutFilter. That way there would be a single storage backend for the Assertion, which I think would simplify both the source code implementation and configuration for deployers. This strategy seems analogous to the TicketRegistry component in the server. > We should create one to at least track this. Totally agree. I'm happy to create it, but I'd like to get some feedback on my storage design ideas so the issue can have the proper scope. M -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-dev
