Just a note, we have the EHCache solution and replicating in our production environment now.
Primarily worked from the path in the Jira https://issues.jasig.org/browse/CAS-816 There is one notable issue with the configuration provided. While the provided xml suggests TimeToLive values it does not suggest TimeToIdle value therefore he values get set to the defaults os 120 seconds. You might want service tickets that only last 2 minutes but it's really not SSO when the TGT tickets only last 2 minutes. Another issue to note TimeToLive is the MAXIMUM life in seconds, even if the ticket is refreshed. My ticketRegistry.xml config is as follows: <?xml version="1.0" encoding="UTF-8"?> <beans xmlns="http://www.springframework.org/schema/beans"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; xmlns:aop="http://www.springframework.org/schema/aop"; xmlns:p="http://www.springframework.org/schema/p"; xmlns:ehcache="http://www.springmodules.org/schema/ehcache"; xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd http://www.springmodules.org/schema/ehcache http://www.springmodules.org/schema/cache/springmodules-ehcache.xsd http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop.xsd";> <description> Configuration for the EH Cache TicketRegistry which stores the tickets in a distributed EH Cache and cleans them out as specified intervals. </description> <bean id="cacheManager" class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean"> <property name="configLocation" value="/WEB-INF/spring-configuration/ehcache-replicated.xml" /> <property name="shared" value="true" /> <property name="cacheManagerName" value="cacheManager" /> </bean> <bean id="ticketRegistry" class="org.jasig.cas.ticket.registry.EhCacheTicketRegistry"> <property name="serviceTicketsCache" ref="serviceTicketsCache" /> <property name="ticketGrantingTicketsCache" ref="ticketGrantingTicketsCache" /> </bean> <bean id="serviceTicketsCache" class="org.jasig.cas.util.RmiDistributedEhCacheFactoryBean"> <description> Service Tickets (ST) are short lived objects (less than 5 seconds) that are mostly removed from the cache during the service ticket validation operation. The ST cache must be replicated very quickly because the ST validation is performed soon after its creation (the time of a 302 redirect) and the ST validation server is very likely not to be the ST creation server because this validation is performed via a server-to-server communication that is not aware of user session affinity. To ensure a short replication delay, we use the synchronous mode </description> <property name="cacheManager" ref="cacheManager" /> <property name="cacheName" value="org.jasig.cas.ticket.ServiceTicket" /> <property name="diskExpiryThreadIntervalSeconds" value="120" /> <property name="diskPersistent" value="false" /> <property name="eternal" value="false" /> <property name="maxElementsInMemory" value="10000" /> <property name="maxElementsOnDisk" value="100000" /> <property name="memoryStoreEvictionPolicy" value="LRU" /> <property name="overflowToDisk" value="true" /> <property name="timeToIdle" value="300" /> <property name="timeToLive" value="300" /> <property name="rmiCacheReplicatorProperties"> <props> <prop key="replicateAsynchronously">false</prop> </props> </property> </bean> <bean id="ticketGrantingTicketsCache" class="org.jasig.cas.util.RmiDistributedEhCacheFactoryBean"> <description> Ticket Granting Tickets (TGT) are long lived objects (more than 15 minutes) that are mostly removed from the cache by the cache evictor. Web user explicit sign off is the only way to explicitly delete these TGT; this operation is unlikely. The TGT cache can be replicated slowly because TGT are only manipulated via web user started operations (mostly grant service ticket) and thus benefit of web session affinity. </description> <property name="cacheManager" ref="cacheManager" /> <property name="cacheName" value="org.jasig.cas.ticket.TicketGrantingTicket" /> <property name="diskExpiryThreadIntervalSeconds" value="120" /> <property name="diskPersistent" value="false" /> <property name="eternal" value="false" /> <property name="maxElementsInMemory" value="10000" /> <property name="maxElementsOnDisk" value="100000" /> <property name="memoryStoreEvictionPolicy" value="LRU" /> <property name="overflowToDisk" value="true" /> <property name="timeToIdle" value="7200" /> <property name="timeToLive" value="86400" /> <property name="rmiCacheReplicatorProperties"> <props> <prop key="asynchronousReplicationIntervalMillis">500</prop> <prop key="replicateRemovals">false</prop> </props> </property> </bean> </beans> -Andrew On Aug 5, 2010, at 4:21 PM, acevedo wrote: > > Mr. Battaglia, > > Will there be an official cas-server-integration_ehcache in a future CAS > versions or am I barking up the wrong tree. > > Currently setting up 3.3.5. > -- > View this message in context: > http://jasig.275507.n4.nabble.com/CAS-EHCache-Ticket-Registry-tp278045p2315561.html > Sent from the CAS Users mailing list archive at Nabble.com. > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
