Hello,
I have made it through the CAS installation, configuration and
customization process for CAS 6.2. The final thing that I must do is
configure a ticket registry shared between two CentOS 7 servers. I was
planning on using memcached because my predecessor used it on the old CAS
3.5.2 installment but I have had no luck getting the two CAS instances to
share their tickets with each other.
I have included the memcached and spymemcached dependencies within
build.gradle:
implementation
"org.apereo.cas:cas-server-support-memcached-ticket-registry:${project.'cas.version'}"
implementation
"org.apereo.cas:cas-server-support-memcached-spy:${project.'cas.version'}"
I installed memcached on each server with: yum install memcached
The version is: 1.4.15
I have opened the firewall (firewalld) to allow access to memcache's
default port: 11211
Inside of cas.properties, I included these properties:
cas.ticket.registry.memcached.memcached.servers=server1.domain:11211
server2.domain:11211
cas.ticket.registry.memcached.memcached.locator-type=ARRAY_MOD
cas.ticket.registry.memcached.memcached.failure-mode=Redistribute
cas.ticket.registry.memcached.memcached.hash-algorithm=FNV1_64_HASH
cas.ticket.registry.memcached.memcached.transcoder=KRYO
cas.ticket.registry.memcached.crypto.signing.key=<My signing key>
cas.ticket.registry.memcached.crypto.encryption.key=<My encryption key>
cas.ticket.registry.memcached.crypto.enabled=true
cas.ticket.registry.memcached.crypto.strategyType=ENCRYPT_AND_SIGN
After rebuilding and deploying, then signing in to server1's CAS instances,
I use telnet to verify the cookies are within memcache:
telnet server1 11211
stats items
I see this on server 1:
STAT items:19:number 1
STAT items:19:age 61809
STAT items:19:evicted 0
STAT items:19:evicted_nonzero 0
STAT items:19:evicted_time 0
STAT items:19:outofmemory 0
STAT items:19:tailrepairs 0
STAT items:19:reclaimed 0
STAT items:19:expired_unfetched 0
STAT items:19:evicted_unfetched 0
END
and this on server2:
stats items
END
Troubleshooting:
I used a rich firewalld rule to allow tcp connections between server1 and
server2 across port 11211. Thinking I may have gunked up the rule, I opened
port 11211 to all. This didn't change anything.
I wasn't sure how memcached worked with signing and encryption of tickets,
I'm currently using the same signing key on both servers, as well as the
same encryption key, is that the way I should have them?
Has anyone had luck implementing memcached into a CAS 6.2 deployment? Any
ideas of the problem here? The cas.log file showed some java errors before
I had my cas.properties ironed out, but on the most recent runs I haven't
seen any errors at all.
Thank you for your time.
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/306c993d-cb7d-4cae-8751-6b5031409258n%40apereo.org.
