Here are two tests that I just performed (I had to go straight against the servers server1.domain & server2.domain instead of against loadbalanced.domain since we have sticky sessions).
Test 1: 1) Go to https://server1.domain/cas/login/?service=http://server.domain/staticHtml(where staticHtml is just a regular page that I can get the ST from) 2) Login, get redirected to staticHtml, get the ST from the query string 3) Go to https://server2.domain/cas/serviceValidate/?service=http://server.domain/staticHtml&ticket=ST-FromTheQueryString 4) This results in getting redirected to https://server2.domain/cas/login/?service=http://server.domain/staticHtml&ticket=ST-FromTheQueryString In the browser, it is like server2 wants me to login even though I went to serviceValidate Test 2: 1) Go to https://server1.domain/cas/login/?service=http://server.domain/staticHtml(where staticHtml is just a regular page that I can get the ST from) 2) Login, get redirected to staticHtml, get the ST from the query string 3) Using a test ASP.NET web application and the DotNetCasClient programmatically validate the ST retrieved in step 2. This works and I get the username back. So what is the difference and why are we seeing this behavior. Apparently I was mistaken about getting an unrecognized ticket error, but I swear I have gotten them before. Our cluster configuration just seems shaky right now. The reason I feel I need session replication is because of the documentation here: http://www.ja-sig.org/wiki/display/CASUM/Clustering+CAS (which appears to have been last modified by yourself Marvin, so I appreciate being able to get help directly from you) Thanks for your help on this issue. I really would like to understand the best way to get our servers clustered. On Thu, Sep 24, 2009 at 6:56 PM, Marvin Addison <[email protected]>wrote: > > if you get a ST from server A and try to > > validate it on server B it returns "unrecognized ticket". > > Would you mind posting the relevant excerpt from the stack trace that > results from either of your test scenarios? I have a hunch about the > cause of your problem, but can't be certain without further > information. > > We have never seen any errors of this sort in months of testing our > active-active setup that makes no provisions for either session > replication or sessionless Web Flow. Since the ticket request and > validation steps have different sources, one would expect a 50% error > rate in our case of a 2-node cluster if there were a fundamental > requirement that Web Flow state be shared among nodes. Our experience > suggests there is no such requirement. > > M > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
