Martin,

We used ehcache with CAS 3.5.2.1 and it proved less than acceptable.

Ehcache was slow at replicating, preventing round robin (active/active) load 
balancing.
We created a custom keep-me-signed-in and cache listener. Although ehcache 
would listen to the listener and restore the ticket when keep-me-signed-in said 
the ticket was still valid, it would return an invalid to CAS (before calling 
keep-me-signed-in) resulting in the user having to log in again. We had to set 
ehcache timeout to 2 hours with no long term session option instead of ehcache 
checking every 10 min.
The 2 hour window in ehcache then resulted in ehcache having to process a large 
(GB) file of tickets which overwhelmed the server.

In general, ehcache has its own expiration policy. I am not sure how to get it 
to match what you set in CAS.

I have been stung. I am now moving to hazelcast.

Ray

On Tue, 2017-09-26 at 22:40 -0700, Martin Mössner wrote:
Hi Folks,

I have some questions about the Topics TGC (aka TGT), RememberMe and the 
integrated Ehcache.

So first, everything works fine, but after a review we've seen that the long 
term TGC (aka remember me) will be removed in the ehcache.

In the "ticketExpirationPolicies.xml" we've configured four policies with 
different lifetimes (ServiceTicket, standardTGT, longTermTGT with 
RememberMeDelegatingExpirationPolicy).

<bean id="serviceTicketExpirationPolicy"
class="org.jasig.cas.ticket.support.MultiTimeUseOrTimeoutExpirationPolicy"
c:numberOfUses="${st.numberOfUses:1}" 
c:timeToKill="${st.timeToKillInSeconds:15}"
c:timeUnit-ref="SECONDS" />


<bean id="standardSessionTGTExpirationPolicy"
class="org.jasig.cas.ticket.support.TicketGrantingTicketExpirationPolicy"
c:maxTimeToLive="${tgt.maxTimeToLiveInSeconds:14400}"
c:timeToKill="${tgt.timeToKillInSeconds:3600}"
c:timeUnit-ref="SECONDS" />

<bean id="longTermSessionTGTExpirationPolicy" 
class="org.jasig.cas.ticket.support.TimeoutExpirationPolicy"
c:timeToKill="${tgt.rememberMeDuration:15768000}"
c:timeUnit-ref="SECONDS" />

<bean id="grantingTicketExpirationPolicy"
class="org.jasig.cas.ticket.support.RememberMeDelegatingExpirationPolicy"
p:sessionExpirationPolicy-ref="standardSessionTGTExpirationPolicy"
p:rememberMeExpirationPolicy-ref="longTermSessionTGTExpirationPolicy" />


All variables are stored in a property file


tgt.maxTimeToLiveInSeconds=14400
tgt.timeToKillInSeconds=3600
tgt.rememberMeDuration=15768000
st.timeToKillInSeconds=15

In case of "remember me" CAS creates a cookie with a lifetime of half a year.




In the "ticketRegistry.xml" we configured exactly two caches, 
"serviceTicketsCache" and "ticketGrantingTicketsCache":



<bean id="serviceTicketsCache"
     class="org.springframework.cache.ehcache.EhCacheFactoryBean"
     parent="abstractTicketCache"
     p:cacheName="cas_st"
     p:timeToIdle="0"
     p:timeToLive="15"
     p:cacheEventListeners-ref="ticketRMISynchronousCacheReplicator" />
<bean id="ticketGrantingTicketsCache"
     class="org.springframework.cache.ehcache.EhCacheFactoryBean"
     parent="abstractTicketCache"
     p:cacheName="cas_tgt"
     p:timeToIdle="3600"
     p:timeToLive="14400"
     p:cacheEventListeners-ref="ticketRMIAsynchronousCacheReplicator" />


It works as designed: Ehcache invalidates all TGCs after four hours (= 14400 
seconds), but the client has a cookie stored with an expiration date half a 
year later.


If we configure the lifetime for half a year in the ticketRegistry, ALL TGCs 
will be in cache for this lifetime, regardless of whether they are long term 
(remember me) or not. Is that right?


So my question is how to solve this problem. Does anybody have ideas or some 
workarounds/solutions?


Thank you in advance


Martin


--
Ray Bon
Programmer analyst
Development Services, University Systems
2507218831 | CLE 019 | [email protected]
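
The mismatch discussed in this thread, as an added example (not code from CAS, Ehcache or either poster): a simplified Python model of the configured expiration policies next to a cache that applies its own timeToLive/timeToIdle. It assumes the cache counts timeToLive from ticket creation and timeToIdle from last use; `Ticket`, `simulate` and the other names are hypothetical.

```python
# Added example: simplified model, not CAS or Ehcache source code.
from dataclasses import dataclass

# Values from the thread's property file (seconds).
TGT_MAX_TTL, TGT_IDLE, REMEMBER_ME = 14400, 3600, 15768000

@dataclass
class Ticket:
    created: int
    last_used: int
    remember_me: bool

def policy_expired(t, now):
    """RememberMeDelegatingExpirationPolicy as configured in the thread."""
    if t.remember_me:  # longTermSessionTGTExpirationPolicy (idle timeout only)
        return now - t.last_used >= REMEMBER_ME
    # standardSessionTGTExpirationPolicy: hard lifetime or idle timeout
    return now - t.created >= TGT_MAX_TTL or now - t.last_used >= TGT_IDLE

def cache_evicted(t, now, ttl, tti):
    """Assumed cache rule: TTL from creation, TTI from last use, 0 disables."""
    return bool((ttl and now - t.created >= ttl) or
                (tti and now - t.last_used >= tti))

def state(t, now, ttl, tti):
    # The cache is consulted first: an evicted ticket never reaches the policy.
    if cache_evicted(t, now, ttl, tti):
        return "gone-from-cache"
    return "expired-but-cached" if policy_expired(t, now) else "valid"

def simulate(remember_me, now, ttl, tti, use_every=1800):
    """Login at t=0, ticket used every use_every seconds until `now`.
    Returns (state, time) at the first moment the ticket stops being valid."""
    t = Ticket(0, 0, remember_me)
    for clock in range(use_every, now + 1, use_every):
        s = state(t, clock, ttl, tti)
        if s != "valid":
            return s, clock
        t.last_used = clock
    return state(t, now, ttl, tti), now

if __name__ == "__main__":
    five_hours = 18000
    # Cache settings from ticketRegistry.xml: remember-me ticket lost at 4 h.
    print(simulate(True, five_hours, ttl=14400, tti=3600))
    # Cache TTL raised to half a year: the standard TGT is still rejected by
    # its policy at 4 h, but the entry keeps occupying the cache.
    print(simulate(False, five_hours, ttl=15768000, tti=0))
    print(simulate(True, five_hours, ttl=15768000, tti=0))
    # Leaving timeToIdle=3600 in place evicts an idle remember-me ticket.
    print(simulate(True, 7200, ttl=15768000, tti=3600, use_every=7200))
```

In this model the effective lifetime of a ticket is whichever of the two layers gives up first, and raising only the cache lifetime changes how long expired standard tickets stay resident rather than how long they are honoured.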
