It's tough to tell with just that logging. Any chance this issue is repeatable, and you could increase the log verbosity by setting "CASDebug On" and "LogLevel Debug" in your httpd.conf ?
Generally, I see this pattern either when mod_auth_cas cannot write to the cookie cache, or if the client browser has conflicting cookies or a large time skew. The more detailed logs should provide some hints for that. -Matt Thank you, -Matt On Wed, Mar 2, 2016 at 1:39 PM, Song, Doe-Hyun <[email protected]> wrote: > Hello Matt, > > > > Just want to update and have a more question. It has been about a week > running both servers with shared directory for cache. It seems stable > except a couple of anomaly. > > > > Today, a user reported he had too many redirect error. I checked access > log of apache on both servers and can see constant 302 redirect for the > user. I wonder if the environment I have could cause the redirect loop > issue. > > > > Access logs. > > > > Server 1. > > 10.10.10.20 - - [02/Mar/2016:13:02:05 -0500] "POST > /cas//login?service=https%3a%2f%2f24tracc-test.armada.net%2f HTTP/1.1" > 302 - > > 10.10.10.20 - - [02/Mar/2016:13:02:06 -0500] "GET / HTTP/1.1" 302 365 > > 10.10.10.20 - sme [02/Mar/2016:13:02:06 -0500] "GET /?ticket= > ST-44-XSJadVjVPpTIEhnYWRZP-cas02q.armada.net HTTP/1.1" 302 307 > > 10.10.10.20 - - [02/Mar/2016:13:02:12 -0500] "GET / HTTP/1.1" 302 365 > > 10.10.10.20 - sme [02/Mar/2016:13:02:12 -0500] "GET /?ticket= > ST-45-FhkaLiLYFYpeoOpp32wt-cas02q.armada.net HTTP/1.1" 302 307 > > 10.10.10.20 - - [02/Mar/2016:13:02:12 -0500] "GET > /cas/login?service=https%3a%2f%2f24tracc-test.armada.net%2f HTTP/1.1" 302 > - > > 10.10.10.20 - - [02/Mar/2016:13:02:12 -0500] "GET / HTTP/1.1" 302 365 > > 10.10.10.20 - sme [02/Mar/2016:13:02:13 -0500] "GET /?ticket= > ST-47-3xRuhcSfI4WW0klBUzjh-cas02q.armada.net HTTP/1.1" 302 307 > > 10.10.10.20 - - [02/Mar/2016:13:02:13 -0500] "GET > /cas/login?service=https%3a%2f%2f24tracc-test.armada.net%2f HTTP/1.1" 302 > - > > 10.10.10.20 - - [02/Mar/2016:13:02:13 -0500] "GET / HTTP/1.1" 302 365 > > 10.10.10.20 - sme [02/Mar/2016:13:02:13 -0500] "GET /?ticket= > ST-49-HfH4jfehrWf17nya2UvD-cas02q.armada.net HTTP/1.1" 302 307 > > 10.10.10.20 - - [02/Mar/2016:13:02:14 -0500] "GET > /cas/login?service=https%3a%2f%2f24tracc-test.armada.net%2f HTTP/1.1" 302 > - > > 10.10.10.20 - - [02/Mar/2016:13:02:14 -0500] "GET / HTTP/1.1" 302 365 > > 10.10.10.20 - sme [02/Mar/2016:13:02:14 -0500] "GET /?ticket= > ST-51-desltaeZ2itviwuhJY1q-cas02q.armada.net HTTP/1.1" 302 307 > > 10.10.10.20 - - [02/Mar/2016:13:02:15 -0500] "GET > /cas/login?service=https%3a%2f%2f24tracc-test.armada.net%2f HTTP/1.1" 302 > - > > 10.10.10.20 - - [02/Mar/2016:13:02:15 -0500] "GET / HTTP/1.1" 302 365 > > 10.10.10.20 - sme [02/Mar/2016:13:02:15 -0500] "GET /?ticket= > ST-53-a4zMTIYzAbrvTzrN0Ilj-cas02q.armada.net HTTP/1.1" 302 307 > > 10.10.10.20 - - [02/Mar/2016:13:02:15 -0500] "GET > /cas/login?service=https%3a%2f%2f24tracc-test.armada.net%2f HTTP/1.1" 302 > - > > 10.10.10.20 - - [02/Mar/2016:13:02:16 -0500] "GET / HTTP/1.1" 302 365 > > 10.10.10.20 - sme [02/Mar/2016:13:02:16 -0500] "GET /?ticket= > ST-55-Fd10iuIFdt1LwYRrcfDS-cas02q.armada.net HTTP/1.1" 302 307 > > 10.10.10.20 - - [02/Mar/2016:13:02:16 -0500] "GET > /cas/login?service=https%3a%2f%2f24tracc-test.armada.net%2f HTTP/1.1" 302 > - > > 10.10.10.20 - - [02/Mar/2016:13:02:16 -0500] "GET / HTTP/1.1" 302 365 > > 10.10.10.20 - sme [02/Mar/2016:13:02:22 -0500] "GET /?ticket= > ST-57-dfnHvHE5ecf9BjmpUcen-cas02q.armada.net HTTP/1.1" 302 307 > > 10.10.10.20 - - [02/Mar/2016:13:02:22 -0500] "GET > /cas/login?service=https%3a%2f%2f24tracc-test.armada.net%2f HTTP/1.1" 302 > - > > 10.10.10.20 - - [02/Mar/2016:13:02:22 -0500] "GET / HTTP/1.1" 302 365 > > 10.10.10.20 - sme [02/Mar/2016:13:02:22 -0500] "GET /?ticket= > ST-59-OUyGT2hYbMzAeyu52Pgs-cas02q.armada.net HTTP/1.1" 302 307 > > 10.10.10.20 - - [02/Mar/2016:13:02:23 -0500] "GET > /cas/login?service=https%3a%2f%2f24tracc-test.armada.net%2f HTTP/1.1" 302 > - > > 10.10.10.20 - - [02/Mar/2016:13:02:23 -0500] "GET / HTTP/1.1" 302 365 > > 10.10.10.20 - sme [02/Mar/2016:13:02:23 -0500] "GET /?ticket= > ST-61-UfSyPdcgWLm9zO6L9pbl-cas02q.armada.net HTTP/1.1" 302 307 > > 10.10.10.20 - - [02/Mar/2016:13:02:23 -0500] "GET > /cas/login?service=https%3a%2f%2f24tracc-test.armada.net%2f HTTP/1.1" 302 > - > > 10.10.10.20 - - [02/Mar/2016:13:02:23 -0500] "GET / HTTP/1.1" 302 365 > > 10.10.10.20 - sme [02/Mar/2016:13:02:24 -0500] "GET /?ticket= > ST-63-FRoMZB7ZhGnNGMA5mXq6-cas02q.armada.net HTTP/1.1" 302 307 > > 10.10.10.20 - - [02/Mar/2016:13:02:52 -0500] "GET > /cas/login?service=https%3a%2f%2f24tracc-test.armada.net%2f HTTP/1.1" 302 > - > > 10.10.10.20 - - [02/Mar/2016:13:02:53 -0500] "GET / HTTP/1.1" 302 365 > > 10.10.10.20 - sme [02/Mar/2016:13:02:53 -0500] "GET /?ticket= > ST-65-NzDggGC5ar2ycF3ZlhgL-cas02q.armada.net HTTP/1.1" 302 307 > > 10.10.10.20 - - [02/Mar/2016:13:02:53 -0500] "GET > /cas/login?service=https%3a%2f%2f24tracc-test.armada.net%2f HTTP/1.1" 302 > - > > 10.10.10.20 - - [02/Mar/2016:13:02:54 -0500] "GET / HTTP/1.1" 302 365 > > 10.10.10.20 - sme [02/Mar/2016:13:02:54 -0500] "GET /?ticket= > ST-67-pu52dYAXEebpGbBc6EK6-cas02q.armada.net HTTP/1.1" 302 307 > > 10.10.10.20 - - [02/Mar/2016:13:02:54 -0500] "GET > /cas/login?service=https%3a%2f%2f24tracc-test.armada.net%2f HTTP/1.1" 302 > - > > 10.10.10.20 - - [02/Mar/2016:13:02:54 -0500] "GET / HTTP/1.1" 302 365 > > 10.10.10.20 - - [02/Mar/2016:13:02:54 -0500] "GET > /cas/login?service=https%3a%2f%2f24tracc-test.armada.net%2f HTTP/1.1" 302 > - > > 10.10.10.20 - - [02/Mar/2016:13:02:55 -0500] "GET / HTTP/1.1" 302 365 > > 10.10.10.20 - sme [02/Mar/2016:13:02:55 -0500] "GET /?ticket= > ST-71-Oew9ycoPIMObEzIGZPG5-cas02q.armada.net HTTP/1.1" 302 307 > > 10.10.10.20 - - [02/Mar/2016:13:02:55 -0500] "GET > /cas/login?service=https%3a%2f%2f24tracc-test.armada.net%2f HTTP/1.1" 302 > - > > 10.10.10.20 - - [02/Mar/2016:13:02:55 -0500] "GET / HTTP/1.1" 302 365 > > > > > > Server 2 > > 10.10.10.20 - - [02/Mar/2016:13:02:06 -0500] "GET > /cas/login?service=https%3a%2f%2f24tracc-test.armada.net%2f HTTP/1.1" 302 > - > > 10.10.10.20 - - [02/Mar/2016:13:02:10 -0500] "POST /support/zkau HTTP/1.1" > 200 19 > > 10.10.10.20 - - [02/Mar/2016:13:02:12 -0500] "GET > /cas/login?service=https%3a%2f%2f24tracc-test.armada.net%2f HTTP/1.1" 302 > - > > 10.10.10.20 - - [02/Mar/2016:13:02:12 -0500] "GET / HTTP/1.1" 302 365 > > 10.10.10.20 - sme [02/Mar/2016:13:02:12 -0500] "GET /?ticket= > ST-46-iDiRW3X7IZxBMEdLyKJb-cas02q.armada.net HTTP/1.1" 302 307 > > 10.10.10.20 - - [02/Mar/2016:13:02:12 -0500] "GET > /cas/login?service=https%3a%2f%2f24tracc-test.armada.net%2f HTTP/1.1" 302 > - > > 10.10.10.20 - - [02/Mar/2016:13:02:13 -0500] "GET / HTTP/1.1" 302 365 > > 10.10.10.20 - sme [02/Mar/2016:13:02:13 -0500] "GET /?ticket= > ST-48-N16Xg5cEsUm9GbtPUjNP-cas02q.armada.net HTTP/1.1" 302 307 > > 10.10.10.20 - - [02/Mar/2016:13:02:13 -0500] "GET > /cas/login?service=https%3a%2f%2f24tracc-test.armada.net%2f HTTP/1.1" 302 > - > > 10.10.10.20 - - [02/Mar/2016:13:02:14 -0500] "GET / HTTP/1.1" 302 365 > > 10.10.10.20 - sme [02/Mar/2016:13:02:14 -0500] "GET /?ticket= > ST-50-kpKWyk2CnoufFw4WqI91-cas02q.armada.net HTTP/1.1" 302 307 > > 10.10.10.20 - - [02/Mar/2016:13:02:14 -0500] "GET > /cas/login?service=https%3a%2f%2f24tracc-test.armada.net%2f HTTP/1.1" 302 > - > > 10.10.10.20 - - [02/Mar/2016:13:02:15 -0500] "GET / HTTP/1.1" 302 365 > > 10.10.10.20 - sme [02/Mar/2016:13:02:15 -0500] "GET /?ticket= > ST-52-5Pmfgm1BfH9JuXkz1ide-cas02q.armada.net HTTP/1.1" 302 307 > > 10.10.10.20 - - [02/Mar/2016:13:02:15 -0500] "GET > /cas/login?service=https%3a%2f%2f24tracc-test.armada.net%2f HTTP/1.1" 302 > - > > 10.10.10.20 - - [02/Mar/2016:13:02:15 -0500] "GET / HTTP/1.1" 302 365 > > 10.10.10.20 - sme [02/Mar/2016:13:02:15 -0500] "GET /?ticket= > ST-54-F211XMckYGpKwVga0CIT-cas02q.armada.net HTTP/1.1" 302 307 > > 10.10.10.20 - - [02/Mar/2016:13:02:16 -0500] "GET > /cas/login?service=https%3a%2f%2f24tracc-test.armada.net%2f HTTP/1.1" 302 > - > > 10.10.10.20 - - [02/Mar/2016:13:02:16 -0500] "GET / HTTP/1.1" 302 365 > > 10.10.10.20 - sme [02/Mar/2016:13:02:16 -0500] "GET /?ticket= > ST-56-qVni0B5daLJ5G3RUVhrb-cas02q.armada.net HTTP/1.1" 302 307 > > 10.10.10.20 - - [02/Mar/2016:13:02:21 -0500] "GET > /cas/login?service=https%3a%2f%2f24tracc-test.armada.net%2f HTTP/1.1" 302 > - > > 10.10.10.20 - - [02/Mar/2016:13:02:22 -0500] "GET / HTTP/1.1" 302 365 > > 10.10.10.20 - sme [02/Mar/2016:13:02:22 -0500] "GET /?ticket= > ST-58-56VJrASYDpMohQDmV5fv-cas02q.armada.net HTTP/1.1" 302 307 > > 10.10.10.20 - - [02/Mar/2016:13:02:22 -0500] "GET > /cas/login?service=https%3a%2f%2f24tracc-test.armada.net%2f HTTP/1.1" 302 > - > > 10.10.10.20 - - [02/Mar/2016:13:02:23 -0500] "GET / HTTP/1.1" 302 365 > > 10.10.10.20 - sme [02/Mar/2016:13:02:23 -0500] "GET /?ticket= > ST-60-zrHtLJpdCdPk2kavKasH-cas02q.armada.net HTTP/1.1" 302 307 > > 10.10.10.20 - - [02/Mar/2016:13:02:23 -0500] "GET > /cas/login?service=https%3a%2f%2f24tracc-test.armada.net%2f HTTP/1.1" 302 > - > > 10.10.10.20 - - [02/Mar/2016:13:02:23 -0500] "GET / HTTP/1.1" 302 365 > > 10.10.10.20 - sme [02/Mar/2016:13:02:23 -0500] "GET /?ticket= > ST-62-wyUcFaaONqYi1gAMSpjU-cas02q.armada.net HTTP/1.1" 302 307 > > 10.10.10.20 - - [02/Mar/2016:13:02:24 -0500] "GET > /cas/login?service=https%3a%2f%2f24tracc-test.armada.net%2f HTTP/1.1" 302 > - > > 10.10.10.20 - - [02/Mar/2016:13:02:24 -0500] "GET / HTTP/1.1" 302 365 > > 10.10.10.20 - sme [02/Mar/2016:13:02:53 -0500] "GET /?ticket= > ST-64-fPDvxaVLfG7cOx5yOs69-cas02q.armada.net HTTP/1.1" 302 307 > > 10.10.10.20 - - [02/Mar/2016:13:02:53 -0500] "GET > /cas/login?service=https%3a%2f%2f24tracc-test.armada.net%2f HTTP/1.1" 302 > - > > 10.10.10.20 - - [02/Mar/2016:13:02:53 -0500] "GET / HTTP/1.1" 302 365 > > 10.10.10.20 - sme [02/Mar/2016:13:02:53 -0500] "GET /?ticket= > ST-66-1TABEJZgVDaq7DAlf7DO-cas02q.armada.net HTTP/1.1" 302 307 > > 10.10.10.20 - - [02/Mar/2016:13:02:54 -0500] "GET > /cas/login?service=https%3a%2f%2f24tracc-test.armada.net%2f HTTP/1.1" 302 > - > > 10.10.10.20 - - [02/Mar/2016:13:02:54 -0500] "GET / HTTP/1.1" 302 365 > > 10.10.10.20 - sme [02/Mar/2016:13:02:54 -0500] "GET /?ticket= > ST-68-JGYULb9DsEMl7ReEfSx0-cas02q.armada.net HTTP/1.1" 302 307 > > 10.10.10.20 - - [02/Mar/2016:13:02:54 -0500] "GET > /cas/login?service=https%3a%2f%2f24tracc-test.armada.net%2f HTTP/1.1" 302 > - > > 10.10.10.20 - sme [02/Mar/2016:13:02:55 -0500] "GET /?ticket= > ST-70-wfF7UYFSKDSv2gkjVcvb-cas02q.armada.net HTTP/1.1" 302 307 > > 10.10.10.20 - - [02/Mar/2016:13:02:55 -0500] "GET > /cas/login?service=https%3a%2f%2f24tracc-test.armada.net%2f HTTP/1.1" 302 > - > > 10.10.10.20 - - [02/Mar/2016:13:02:55 -0500] "GET / HTTP/1.1" 302 365 > > 10.10.10.20 - sme [02/Mar/2016:13:02:55 -0500] "GET /?ticket= > ST-72-0iFSgz3Ww9eMKZjjuW5J-cas02q.armada.net HTTP/1.1" 302 307 > > 10.10.10.20 - - [02/Mar/2016:13:02:55 -0500] "GET > /cas/login?service=https%3a%2f%2f24tracc-test.armada.net%2f HTTP/1.1" 302 > - > > 10.10.10.20 - - [02/Mar/2016:13:02:56 -0500] "GET / HTTP/1.1" 302 365 > > 10.10.10.20 - sme [02/Mar/2016:13:02:56 -0500] "GET /?ticket= > ST-74-fZtQhynWa2h7gXbxsMHn-cas02q.armada.net HTTP/1.1" 302 307 > > 10.10.10.20 - - [02/Mar/2016:13:02:56 -0500] "GET > /cas/login?service=https%3a%2f%2f24tracc-test.armada.net%2f HTTP/1.1" 302 > - > > 10.10.10.20 - - [02/Mar/2016:13:02:57 -0500] "GET / HTTP/1.1" 302 365 > > 10.10.10.20 - sme [02/Mar/2016:13:02:57 -0500] "GET /?ticket= > ST-76-B76A9y4NVybrBdf2kITi-cas02q.armada.net HTTP/1.1" 302 307 > > 10.10.10.20 - - [02/Mar/2016:13:03:00 -0500] "POST /zkau HTTP/1.1" 200 18 > > 10.10.10.20 - - [02/Mar/2016:13:03:25 -0500] "POST /support/zkau HTTP/1.1" > 200 18 > > > > > > > > *From:* Matt Smith [mailto:[email protected]] > *Sent:* Monday, February 22, 2016 11:11 PM > *To:* Song, Doe-Hyun > *Cc:* Waldbieser, Carl; [email protected] > > *Subject:* RE: [cas-user] Mod_Auth_Cas Timeout Synchronization on Two > Apache Servers. > > > > Hi Doe, > > Unison is for syncing two distinct filesystems. If you are using a single > shared filesystem, there is no need for syncing. > > Looking forward to hearing your results! > -Matt > > On Feb 22, 2016 19:20, "Song, Doe-Hyun" <[email protected]> wrote: > > Carl, It was the SE Linux issue. We allow httpd to access nfs file system. > > Matt, we launched both apaches. I will let you know if things work after > several days running with the configuration. > However, I wonder if we need to synchronize Sessions between two apaches > as Christian did with unison? > Please let me know if HA configuration for Apache is necessary. > > Thanks, > Doe > > -----Original Message----- > From: [email protected] [mailto:[email protected]] On Behalf Of > Waldbieser, Carl > Sent: Monday, February 22, 2016 10:51 AM > To: Song, Doe-Hyun > Cc: [email protected]; Matt Smith > Subject: Re: [cas-user] Mod_Auth_Cas Timeout Synchronization on Two Apache > Servers. > > Is SE Linux running? > > [root]# getenforce > Enforcing > > If so, try turning off SE linux temporarily to test: > > [root]# setenforce 0 > > Test, then turn it back on: > > [root]# setenforce 1 > > If it worked in permissive mode, you can try the following to look at the > audit log from the command line: > > [root]# sealert -a /var/log/audit/audit.log > > But you may need to install the package that has `sealert` for get what > that is at the moment. > > Thanks, > Carl > > > ----- Original Message ----- > From: "Song, Doe-Hyun" <[email protected]> > To: "waldbiec" <[email protected]> > Cc: [email protected], "Matt Smith" <[email protected]> > Sent: Monday, February 22, 2016 10:24:34 AM > Subject: RE: [cas-user] Mod_Auth_Cas Timeout Synchronization on Two Apache > Servers. > > Carl and Matt, > > Thanks for your help. > Unfortunately, I can create the foo or foo2 files and apache is the user > to run httpd. We use Red Hat. > > > [root@webarms02q dhs]# su apache -s /bin/bash -c "touch > /mnt/tnsag/cas/cas_cache/foo2" > [root@webarms02q dhs]# cd /mnt/tnsag/cas/cas_cache > [root@webarms02q cas_cache]# ll > total 0 > -rw-r--r--. 1 apache apache 0 Feb 22 10:11 foo > -rw-r--r--. 1 apache apache 0 Feb 22 10:14 foo2 > [root@webarms02q cas_cache]# ps aux | grep httpd > apache 307 0.0 0.1 422616 14900 ? Sl 08:32 0:01 > /usr/sbin/httpd > apache 310 0.0 0.1 422616 14896 ? Sl 08:32 0:02 > /usr/sbin/httpd > apache 313 0.0 0.1 422616 14924 ? Sl 08:32 0:01 > /usr/sbin/httpd > apache 366 0.0 0.1 422616 14828 ? Sl 08:57 0:00 > /usr/sbin/httpd > root 646 0.0 0.0 110172 848 pts/0 S+ 10:14 0:00 grep httpd > root 21988 0.0 0.1 266112 14436 ? Ss Feb19 0:21 > /usr/sbin/httpd > apache 31507 0.0 0.1 422616 14936 ? Sl 01:58 0:03 > /usr/sbin/httpd > apache 32360 0.0 0.1 422616 14924 ? Sl 05:49 0:02 > /usr/sbin/httpd > apache 32432 0.0 0.1 422616 14900 ? Sl 06:10 0:02 > /usr/sbin/httpd > apache 32637 0.0 0.1 422616 14908 ? Sl 07:43 0:02 > /usr/sbin/httpd > apache 32642 0.0 0.1 422616 14940 ? Sl 07:43 0:02 > /usr/sbin/httpd > apache 32707 0.0 0.1 422616 14920 ? Sl 08:03 0:02 > /usr/sbin/httpd > apache 32756 0.0 0.1 422616 14908 ? Sl 08:27 0:01 > /usr/sbin/httpd > apache 32759 0.0 0.1 422616 14840 ? Sl 08:28 0:01 > /usr/sbin/httpd > [root@webarms02q cas_cache]# cat /etc/issue > Red Hat Enterprise Linux Server release 6.5 (Santiago) > Kernel \r on an \m > [root@webarms02q cas_cache]# uname -a > Linux webarms02q 2.6.32-431.5.1.el6.x86_64 #1 SMP Fri Jan 10 14:46:43 EST > 2014 x86_64 x86_64 x86_64 GNU/Linux > [root@webarms02q cas_cache]# uname -r > 2.6.32-431.5.1.el6.x86_64 > > > > -----Original Message----- > From: Waldbieser, Carl [mailto:[email protected]] > Sent: Friday, February 19, 2016 4:08 PM > To: Song, Doe-Hyun > Cc: [email protected]; Matt Smith > Subject: Re: [cas-user] Mod_Auth_Cas Timeout Synchronization on Two Apache > Servers. > > Yes, and make sure that is the user running the web service: > > # ps aux | grep httpd > > The user will need permissions down every folder. > If all else fails, are you runnning SE Linux? That can sometimes restrict > access to files. > > Thanks, > Carl > > ----- Original Message ----- > From: "Matt Smith" <[email protected]> > To: "Song, Doe-Hyun" <[email protected]> > Cc: "waldbiec" <[email protected]>, [email protected] > Sent: Friday, February 19, 2016 3:46:35 PM > Subject: Re: [cas-user] Mod_Auth_Cas Timeout Synchronization on Two Apache > Servers. > > Can you confirm that the Apache user can write to that directory ? > > # su apache -s /bin/bash -c "touch /mnt/tnsag/cas/cas_cache/foo" > > -Matt > > On Fri, Feb 19, 2016 at 3:29 PM, Song, Doe-Hyun <[email protected]> wrote: > > > Unfortunately, apache owns the directory. > > > > > > [root@webarms01q cas]# pwd > > /mnt/tnsag/cas > > [root@webarms01q cas]# ll > > drwxr-xr-x. 2 apache apache 4096 Feb 19 12:40 cas_cache > > > > -----Original Message----- > > From: Waldbieser, Carl [mailto:[email protected]] > > Sent: Friday, February 19, 2016 2:48 PM > > To: Song, Doe-Hyun > > Cc: christian folini; [email protected]; [email protected] > > Subject: Re: [cas-user] Mod_Auth_Cas Timeout Synchronization on Two > Apache > > Servers. > > > > That typically means the path doesn't exist or the web user (apache?) > > doesn't have permission to read/write in that folder. > > > > Thanks, > > Carl Waldbieser > > ITS Systems Programmer > > Lafayette College > > > > ----- Original Message ----- > > From: "Song, Doe-Hyun" <[email protected]> > > To: "christian folini" <[email protected]>, [email protected] > > Cc: [email protected] > > Sent: Friday, February 19, 2016 2:41:38 PM > > Subject: RE: [cas-user] Mod_Auth_Cas Timeout Synchronization on Two > Apache > > Servers. > > > > Matt and Christian, > > > > Thanks for your help. I tried to implement it and had interesting error. > > > > Switch the cache directory to network directory. > > > > #CASCookiePath /var/cache/mod_auth_cas/ > > CASCookiePath /mnt/tnsag/cas/cas_cache/ > > > > Then, I have the following error. > > [root@webarms02q cas_cache]# /etc/init.d/httpd restart > > Stopping httpd: [ OK ] > > Starting httpd: Syntax error on line 7 of /etc/httpd/conf.d/cas.conf: > > MOD_AUTH_CAS: CASCookiePath '/mnt/tnsag/cas/cas_cache/' is not a > directory > > or does not end in a trailing '/'! > > [FAILED] > > > > Thanks, > > Doe > > > > > > > > From: [email protected] [mailto:[email protected]] > > Sent: Wednesday, February 17, 2016 1:41 AM > > To: [email protected]; Song, Doe-Hyun > > Cc: [email protected] > > Subject: AW: [cas-user] Mod_Auth_Cas Timeout Synchronization on Two > Apache > > Servers. > > > > Hi guys, > > > > We used to run two identical apaches using mod_auth_cas behind a > > loadbalancer. > > So both apaches would be called www.example.com<http://www.example.com> > > and both cookies had the > > same name. So s2 would overwrite the cookie of s1. > > > > We would keep the sessions in sync on the two apache servers with the > help > > of > > unison. This worked just fine as far as mod_auth_cas is concerned. > > > > We eventually moved away because of issues with unison and because the > > pressing > > need for the feature went away too. > > > > Just my 2 cents. > > > > Christian Folini > > > > > > > > Von: [email protected] [mailto:[email protected]] Im Auftrag von > Matt > > Smith > > Gesendet: Montag, 15. Februar 2016 23:54 > > An: Song, Doe-Hyun > > Cc: [email protected] > > Betreff: RE: [cas-user] Mod_Auth_Cas Timeout Synchronization on Two > Apache > > Servers. > > > > > > Yes, that is what should occur. But please note that while I think this > > should work, you may experience things we did not anticipate in the > > design. I would love to get your results, though, if you do attempt > this. > > On Feb 15, 2016 16:40, "Song, Doe-Hyun" <[email protected]<mailto: > > [email protected]>> wrote: > > Matt, > > > > If so, can we have one cookie for both instances? Currently one cookie > per > > apache is created, meaning two cookies with different name with S1 and S2 > > suffix. > > > > Thanks, > > Doe > > > > From: Matt Smith [mailto:[email protected]<mailto:[email protected]>] > > Sent: Monday, February 15, 2016 4:20 PM > > To: Song, Doe-Hyun > > Cc: [email protected]<mailto:[email protected]> > > Subject: Re: [cas-user] Mod_Auth_Cas Timeout Synchronization on Two > Apache > > Servers. > > > > Hello, > > > > This is an interesting use-case, and not one that the mod_auth_cas team > > has designed for. I have heard of deployers pointing CASCookiePath at a > > shared network location for fault tolerance, but I'm thinking that may > also > > work for this use-case. Would you be able to try configuring > CASCookiePath > > to shared storage, e.g., NFS, and see if this meets your requirements? > > This would allow each instance to use exactly the same cookie > information. > > > > -Matt > > > > On Fri, Feb 12, 2016 at 2:40 PM, Song, Doe-Hyun <[email protected] > <mailto: > > [email protected]>> wrote: > > CAS Community, > > > > We use Mod_Auth_Cas for our CAS Client. We have Mod_Auth_Cas on two > apache > > servers respectively. Each Apache is invoked randomly through Load > Balancer > > up front with a single URL. > > > > Each Mod_Auth_Cas generates Cookie as Mod_Auth_Cas_S1 for S1 instance and > > Mod_Auth_Cas_S2 for S2 instance. I can see two cookies from my browser. > > > > Because of some reasons, I would like to synchronize timeout of those two > > instances. Timeout could be different if S1 is invoked at 1:00PM and S2 > is > > invoked at 1:10PM. > > > > FYI, CAS Server uses Ehcache to synchronize tickets between two CAS > > Servers. > > > > Thanks, > > > > Doe Song > > > > > > > > > > The information contained in this e-mail and any attachments is > > confidential and > > > > intended only for the recipient. If you are not the intended recipient, > the > > > > information contained in this message may not be used, copied, or > > forwarded to > > > > third parties or otherwise distributed for any other purpose. Please > > notify the > > > > sender if you received this e-mail in error and delete the e-mail and its > > > > attachments promptly. Nothing in this e-mail may be used or deemed to > > form the > > > > basis of a contractual or any other legally binding obligation unless > > separately > > > > confirmed in writing by an authorized representative of ARMADA. > > -- > > You received this message because you are subscribed to the Google Groups > > "CAS Community" group. > > To unsubscribe from this group and stop receiving emails from it, send an > > email to [email protected]<mailto: > > [email protected]>. > > Visit this group at > https://groups.google.com/a/apereo.org/group/cas-user/ > > . > > > > > > > > -- > > [email protected]<mailto:[email protected]> > > PGP: E2144AD8 > > > > > > > > > > > > The information contained in this e-mail and any attachments is > > confidential and > > > > intended only for the recipient. If you are not the intended recipient, > the > > > > information contained in this message may not be used, copied, or > > forwarded to > > > > third parties or otherwise distributed for any other purpose. Please > > notify the > > > > sender if you received this e-mail in error and delete the e-mail and its > > > > attachments promptly. Nothing in this e-mail may be used or deemed to > > form the > > > > basis of a contractual or any other legally binding obligation unless > > separately > > > > confirmed in writing by an authorized representative of ARMADA. > > -- > > You received this message because you are subscribed to the Google Groups > > "CAS Community" group. > > To unsubscribe from this group and stop receiving emails from it, send an > > email to [email protected]<mailto: > > [email protected]>. > > Visit this group at > https://groups.google.com/a/apereo.org/group/cas-user/ > > . > > > > > > > > The information contained in this e-mail and any attachments is > > confidential and > > intended only for the recipient. If you are not the intended recipient, > the > > information contained in this message may not be used, copied, or > > forwarded to > > third parties or otherwise distributed for any other purpose. Please > > notify the > > sender if you received this e-mail in error and delete the e-mail and its > > attachments promptly. Nothing in this e-mail may be used or deemed to > > form the > > basis of a contractual or any other legally binding obligation unless > > separately > > confirmed in writing by an authorized representative of ARMADA. > > > > -- > > You received this message because you are subscribed to the Google Groups > > "CAS Community" group. > > To unsubscribe from this group and stop receiving emails from it, send an > > email to [email protected]. > > Visit this group at > https://groups.google.com/a/apereo.org/group/cas-user/ > > . > > > > > > > > The information contained in this e-mail and any attachments is > > confidential and > > intended only for the recipient. If you are not the intended recipient, > the > > information contained in this message may not be used, copied, or > > forwarded to > > third parties or otherwise distributed for any other purpose. Please > > notify the > > sender if you received this e-mail in error and delete the e-mail and its > > attachments promptly. Nothing in this e-mail may be used or deemed to > > form the > > basis of a contractual or any other legally binding obligation unless > > separately > > confirmed in writing by an authorized representative of ARMADA. > > > > -- > > You received this message because you are subscribed to the Google Groups > > "CAS Community" group. > > To unsubscribe from this group and stop receiving emails from it, send an > > email to [email protected]. > > Visit this group at > https://groups.google.com/a/apereo.org/group/cas-user/ > > . > > > > > > -- > [email protected] > PGP: E2144AD8 > > > > The information contained in this e-mail and any attachments is > confidential and > intended only for the recipient. If you are not the intended recipient, the > information contained in this message may not be used, copied, or > forwarded to > third parties or otherwise distributed for any other purpose. Please > notify the > sender if you received this e-mail in error and delete the e-mail and its > attachments promptly. Nothing in this e-mail may be used or deemed to > form the > basis of a contractual or any other legally binding obligation unless > separately > confirmed in writing by an authorized representative of ARMADA. > > -- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/ > . > > > > The information contained in this e-mail and any attachments is > confidential and > intended only for the recipient. If you are not the intended recipient, the > information contained in this message may not be used, copied, or > forwarded to > third parties or otherwise distributed for any other purpose. Please > notify the > sender if you received this e-mail in error and delete the e-mail and its > attachments promptly. Nothing in this e-mail may be used or deemed to > form the > basis of a contractual or any other legally binding obligation unless > separately > confirmed in writing by an authorized representative of ARMADA. > > The information contained in this e-mail and any attachments is confidential > and > intended only for the recipient. If you are not the intended recipient, the > information contained in this message may not be used, copied, or forwarded to > third parties or otherwise distributed for any other purpose. Please notify > the > sender if you received this e-mail in error and delete the e-mail and its > attachments promptly. Nothing in this e-mail may be used or deemed to form > the > basis of a contractual or any other legally binding obligation unless > separately > confirmed in writing by an authorized representative of ARMADA. > > -- [email protected] PGP: E2144AD8 -- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/.
