Matt, Typically clustering with proxy authentication requires a backend storage mechanism to share the proxy across servers.
The Java Client, for example, can utilize either memcached or EhCache. I'm not sure if phpCAS has it. I added the feature as a line in our feature matrix comparison of clients: https://wiki.jasig.org/display/CASC/Client+Feature+Matrix Hopefully our phpCAS developer will update the matrix with his input. He probably will shortly when he wakes up :-) Cheers, Scott On Wed, Aug 4, 2010 at 11:38 PM, Matthew Selwood <[email protected]> wrote: > Hello, > > I'm wondering if anybody has any experience configuring CAS to work with a > CAS proxy client on a web cluster. > > I’m having an issue with the CAS proxy (using phpCAS) on a web cluster > behind a fedora 5 load balancer. When I take all but 1 web server off-line, > CAS proxy works. But when I have 2 web servers on-line I sporadically get > the following error: > > Warning: fopen(/tmp/PGTIOU-374-1FQQKYbEYhNJqf1fxXhT-cas.plain) > [function.fopen]: failed to open stream: No such file or directory in > /usr/local/php-5.2.13/lib/php/CAS/PGTStorage/pgt-file.php on line 255 > CAS Authentication failed! > You were not authenticated. > You may submit your request again by clicking here. > If the problem persists, you may contact the administrator of this site. > > If I then go to the 'https://.../cas/login' url it says that I'm > authenticated (I did receive a TGC). I suspect that the redirect from the > CAS server back to the web server is incorrectly routing it through the load > balancer to the other web server in the cluster (causing the authentication > hand-shaking to fail). Is there any way to force the redirect back to the > same web server in the cluster? > > My setup: > CAS 3.3.5 > PhpCAS 1.1.1 > > Thanks very much, > Matt > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
