David,
Setting the domain name on the CASTGC or CASPRIVACY cookies should not affect ticket replication. If your CAS servers are behind a content switch, setting the cookie domain name should not be needed, but that's not the root of your problem.
The problem may be with SSL. If you are using your content switch to do SSL, CAS may think that the browser didn't use SSL. By default, CAS only returns the CASTGC cookie, which as you know contains the TGT, to a browser over a secure SSL connection. If CAS thinks that there was no SSL, it will not set that cookie, and when you subsequently come to authenticate to another service, you will have to authenticate again.
If you are using Firefox, it should be easy to check for the CASTGC cookie using Tools->Page Info->Security.
Adam
David Ruwoldt wrote:
Dear All,
I have set up CAS as a cluster behind the content switch:
content switch -> 2 servers
Each server is RHEL 5, cas 3.3.1, tomcat5.
I have turned up debugging for a lot of the jars. When I log in I can see the ST being replicated on the other server in JBossCacheTicketRegistry but I do not see my TGT being replicated. So when I shut down the server that auth'ed me, the other server throws up a page asking for a login again to a new service.
My domain is set the same in
warnCookieGenerator.xml
ticketGrantingTicketCookieGenerator.xml
I am seeing both the
GMS: address is XX.XX.XX.XX:XXXXX
and
INFO: Replication member added:org.apache.catalina.cluster.mcast.McastMember[tcp://XX.XX.XX.XX:XXXXX,catalina,XX.XX.XX.XX:XXXXX, alive=6]
I am not sure what else I should be checking. Any help would be appreciated, including any further debugs to put in.
List of debugs is
log4j.logger.org.jasig.cas.web.flow=DEBUG
log4j.logger.org.jasig.cas.authentication=DEBUG
log4j.logger.org.jasig.cas.web.flow.TicketGrantingTicketCheckAction=DEBUG
log4j.logger.org.jasig.cas.services.DefaultServiceRegistry=DEBUG
log4j.logger.org.jasig.cas.services=DEBUG
log4j.logger.org.jasig.cas.util.JBossCacheFactoryBean=DEBUG
log4j.logger.org.jasig.cas.ticket.registry=DEBUG
log4j.logger.org.apache.catalina.cluster=DEBUG
log4j.logger.org.apache.catalina.cluster.mcast.McastServiceImpl=DEBUG
log4j.logger.org.apache.catalina.cluster.tcp.SimpleTcpCluster=DEBUG
log4j.logger.org.apache.catalina.cluster.tcp.ReplicationTransmitter=DEBUG
log4j.logger.org.apache.catalina.cluster.tcp.ReplicationListener=DEBUG
log4j.logger.org.apache.catalina.cluster.mcast.McastService=DEBUG
log4j.logger.org.apache.catalina.cluster.session.DeltaManager
log4j.logger.org.jboss.cache.service.TreeCache=DEBUG
Yours sincerely
David Ruwoldt
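The CASTGC check suggested in the reply can also be run against saved response headers from the CAS login. This is an added example, not part of the original thread or of CAS itself: the function names are hypothetical and both header samples are constructed.

```python
# Added example: the header samples are constructed, not captured from a real CAS server.
TGC_NAME = "CASTGC"  # ticket-granting cookie name used in the thread

def parse_set_cookie(value):
    """Split one Set-Cookie value into (name, value, attributes)."""
    parts = [p.strip() for p in value.split(";") if p.strip()]
    if not parts:
        return "", "", {}
    name, _, cookie_value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip() or True  # flags such as Secure carry no value
    return name.strip(), cookie_value.strip(), attrs

def check_tgc(raw_headers):
    """Report whether a login response set CASTGC and with which attributes."""
    report = {"present": False, "secure": False, "domain": None, "path": None, "notes": []}
    for line in raw_headers.splitlines():
        header, sep, value = line.partition(":")
        if not sep or header.strip().lower() != "set-cookie":
            continue
        name, cookie_value, attrs = parse_set_cookie(value)
        if name != TGC_NAME or not cookie_value:
            continue
        report.update(present=True, secure=attrs.get("secure") is True,
                      domain=attrs.get("domain"), path=attrs.get("path"))
    if not report["present"]:
        report["notes"].append("no CASTGC set: the browser holds no TGT, so the next "
                               "service asks for a login; check whether CAS sees SSL")
    elif not report["secure"]:
        report["notes"].append("CASTGC set without the Secure attribute")
    if report["domain"]:
        report["notes"].append("Domain=%s: the browser sends the TGT to every host "
                               "under it" % report["domain"])
    return report

# Constructed sample: login response where CAS did not issue the TGT cookie.
LOGIN_VIA_SWITCH = ("HTTP/1.1 200 OK\nContent-Type: text/html;charset=UTF-8\n"
                    "Set-Cookie: JSESSIONID=CONSTRUCTED0001; Path=/cas\n")
# Constructed sample: login response where CAS issued CASTGC over SSL.
LOGIN_DIRECT_SSL = ("HTTP/1.1 302 Moved Temporarily\n"
                    "Set-Cookie: CASTGC=TGT-1-constructedsample-cas; Path=/cas; Secure\n"
                    "Location: https://app.example.edu/?ticket=ST-1-constructedsample-cas\n")

if __name__ == "__main__":
    for label, sample in (("via switch", LOGIN_VIA_SWITCH), ("direct SSL", LOGIN_DIRECT_SSL)):
        print(label, check_tgc(sample))
```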
