Hi Andrew,
Are you running the Moodle CAS plugin in proxy mode? If yes, then
with multiple nodes you'll need to rebroadcast the PGTIOU/PGTID and
logout requests. The CAS server callback might be going to a
different server than the original request (it's independent of the
original request so sticky cookies don't help). Take a look at
example_proxy_rebroadcast.php in the examples folder on github for
usage. (https://github.com/Jasig/phpCAS/tree/master/docs/examples).
Matt
On 01/10/2012 07:46 AM, Martin McCormack wrote:
> Cluster is managed with a Cisco ACE 4710 and the sessions
are sticky.
Are you using sticky by IP or Cookie? If by Cookie and the
clients have Cookies disabled then the Cisco cookie will not be
returned and it will degrade to the next sticky setting.
You might have to do some packet tracing, I've found Wireshare
handy for this.
Good luck.
Martin
From: [email protected]
Date: Tue, 10 Jan 2012 10:17:41 -0500
To: [email protected]; [email protected]
Subject: [phpcas-users] CAS Authentication failed with
Clustered Moodle
We've been reliably running a single server moodle
instance with CAS enabled for over a year. Recently we've
moved to a cluster of Moodle servers and sporadically users
are seeing a "CAS Authentication failed!" message.
At first I thought the error must be session related so
I've verified the following settings.
Cluster is managed with a Cisco ACE 4710 and the sessions
are sticky.
Both moodle sessions and php sessions are written to a
shared NFS space.
Does anyone have a suggestion on how we can address this
issue?
Andrew
Tillinghast
Sr. Web
Developer
270
Mohegan Avenue
New London, CT 06320-4196
Ph:860
439-5265 Fax: 860 439-2871
P Think
before you print
CONFIDENTIALITY:
This email (including any attachments) may
contain confidential, proprietary and privileged
information, and unauthorized disclosure or use
is prohibited. If you received this email in
error, please notify the sender and delete this
email from your system.
--
You are currently subscribed to [email protected] as: [email protected]
To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
|
