We are attempting to implement CAS inside an environment where multiple
disparate applications in different clusters will be authenticated using CAS.
All of our applications require High Availability and are cluster, and for the
time being it is acceptable to use a single CAS node to authenticate these.
I have followed the instructions at:
https://wiki.jasig.org/display/CASUM/Clustering+CAS
namely with regards to setting up tomcat session replication.
I did not implement Ticket Cache Replication under the assumption that since I
have a single CAS node, this is not necessary. Is this correct?
I can sign-in to App-A on node-1, and than navigate to App-B on node-2 and be
signed-in automatically. So far, so good.
When signing out from App-A on node-1, I get redirected to the single CAS
instance and shown the 'sign-out' page. Nevertheless, if I navigate to App-A
again, I can re-enter the application without signing in. This is the problem.
I am logging the various http requests between the browser, the CAS node, and
the App-A and App-B nodes, and I can see a sign-out message being sent from CAS
to the App cluster. Nevertheless, on occasions the sign-out message does not
land on node-1 but is instead directed by the balancer to node-2.
It would appear that even though I have session replication enabled, the
sign-out message received by node-2 does not cause the session on node-1 to be
invalidated.
Has anyone encountered this condition?
Is there a solution to this issue?
Thank you
Philippe Paravicini
--
You are currently subscribed to [email protected] as:
[email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
