On Fri, Aug 7, 2009 at 10:25 PM, Marvin Addison <[email protected]>wrote:
> > Should production and development environments use different CAS servers? > > We have the typical 3 environments, dev, preprod, and production, and > it has worked well for us. That's what we do also for the most part (though in our case, dev and test use the same instance, prod has its own, and we also have an instance for loadtesting) > > > > If YES, then how do you handle white listing developers versus production > > servers? > > We simply manage them separately using the admin tool on the servers > in each environment, where each environment has its own separate > database. I'll admit that the data management can be a pain, but as > the one who has had to deal with both the administrative hassle and > the pain of deployments, I must admit it's worth the hassle to be able > to isolate problems prior to production. > When applications request access to CAS, we ask them for both a test and a production URL, and configure those in the appropriate CAS servers. > > > How do you account for URLs using varied ports? (80, 443, 8080, 8443) > > We have a handful of wildcard registrations to handle 99% of all > services we expect to use CAS, which makes managing the remaining 1% > much easier on a case-by-case basis. For the wildcard registrations > we need 2 registered services for each logical service group to > account for variable port numbers due to limitations of Ant patterns. > For example: > > - https://*.vt.edu/ > - https://*.vt.edu:*/ > > > Has there been discussions to use regex-based service URLs versus > Ant-based? > > There has. I'm pretty sure the discussion took place in cas-dev > within the past 4 months. I'm pretty sure CAS4 trunk supports a > number of service matching schemes including exact match, Ant, and > regex. I'm sure Scott will jump in and correct me if I'm wrong on > those points. CAS4 trunk (which I really need to kickstart again because it has some nice stuff in it) supports either EXACT matching, ANT matching, or REGEXP matching if I recall correctly. Or at least is supposed to (all the code might not be there yet, but the architecture is). The original reason for not doing REGEXP was that it was more complicated and more than most people needed (plus, have you ever tried to write a Java REGEXP and properly escape everything? ;-)) Cheers, Scott > > > M > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
