hello
in our environment we also have clustered cas. we are useing RedHat
Cluster Suite. We decided to modify cas plugin to use two addresses. In
short we modified cas plugin to ask first cas serviceValidate address
and if we have negative response then we go to second serviceValidate
address.
W dniu 14.11.2009 04:18, Scott Battaglia pisze:
The thought was that filters can be configured via an
alternative method if necessary (such as using the Spring
FilterToBeanProxys such that you could access any setters). If that
doesn't meet your needs, we can look at an alternative. Also, if you
happen to write a Mecached-backed version, I would encourage you to
contribute it back to the community if possible.
Cheers,
Scott
On Fri, Nov 13, 2009 at 10:11 PM, Marc Kenig
<[email protected]>
wrote:
I
am running a CAS authenticated client which is load-balanced in a High
availability environment.
Sign out is a problem. The hardware load balancer will not necessarily
send the sign out POST from the CAS server to the same resource that
the client browser is stuck to.
Browser -> HW LB -> Tomcat 1
CAS Server-> HW LB -> Tomcat 2
The ticket for the browser that authenticated to Tomcat 1 won't be in
the HashMapBackedSessionStorage for Tomcat 2 so the session won't be
invalidated even though Tomcat 1 and Tomcat 2 are in a cluster.
I've considered a memcached based HashMap for the sign out filter
session-ticket map (SessionMappingStorage), but the
org.jasig.cas.client.session.SignOutFilter is coded in such a way as
the SESSION_MAPPING_STORAGE is not easily replaced with a new
implementation. (Would that the setSessionMappingStorage also have been
declared static!)
Has anybody solved this problem with load balancing logout?
Marc Kenig
******************************************************************
DemandTec Email Notice
This email and any attachments may contain confidential and/or
proprietary
information and is intended solely for the use of the addressee. If you
are not
the intended recipient we request that you notify us via email or
telephone and
delete all copies of the message from your systems. Additionally,
although
DemandTec has taken reasonable precautions to ensure the security of
this
email and any attachments, we encourage you to take similar precautions
and
accept no liability for any loss or damage resulting from its use.
DemandTec, 1 Circle Star Way, Suite 200, San Carlos, CA 94070,
650-226-4600
--
You are currently subscribed to [email protected]
as: [email protected]
To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
--
You are currently subscribed to [email protected] as: [email protected]
To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
--
You are currently subscribed to [email protected] as: [email protected]
To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
|
<<attachment: przemyslaw_slupkowski.vcf>>
