Andrew, one question about it. You said that the CAS *client* nodes that generate proxy tickets needs to replicate PGTs. Could I use the same repcached nodes that I use in CAS *server*? Do you recommend that? Or instead you recommend to use an independent replication?
Thanks again! ________________________________ From: Andrew Petro <[email protected]> To: [email protected] Sent: Tuesday, February 7, 2012 3:23 PM Subject: Re: [cas-user] CAS - Liferay - ProxyGrantingTicket null Fernando, Is Liferay clustered? Whether CAS is HA or not doesn't matter here. What matters is whether the CAS *client* needs to be replicating PGTs across a cluster of CAS client instances. Andrew On Feb 7, 2012, at 12:56 PM, Fernando Correa wrote: > I forgot to mention that I'm using memcached + repcache for HA in my CAS > environment. > > Could this link be my solution? > https://wiki.jasig.org/display/CASC/Using+the+CAS+Client+in+a+Distributed+Environment > > What I see is that in this line (final String proxyGrantingTicket = > this.proxyGrantingTicketStorage != null ? > this.proxyGrantingTicketStorage.retrieve(proxyGrantingTicketIou) : null;) the > retrieve method returns null. > > Thanks again! > > From: Andrew Petro <[email protected]> > To: [email protected] > Sent: Tuesday, February 7, 2012 10:07 AM > Subject: Re: [cas-user] CAS - Liferay - ProxyGrantingTicket null > > Hi Fenando, > > Sorry to hear this is problematic. > > CAS server has good logging. If it were me, I'd crank it up to "TRACE" level > logging and watch it fail to understand whether and precisely how the CAS > server is generating a bad (null) PGT. CAS server also supports an audit log > of generated and redeemed tickets. That too should be elucidating. I bet > both show there's no problem on the CAS server side, but that's just a hunch. > > Having shown that CAS issues a PGT, I'd then look for a problem in Liferay. > The Java CAS Client also has pretty good logging. Crank up its logging to > TRACE and watch it fail. > > My favorite way for PGT issuance to fail is for the https callback from CAS > server to relying party (here, from CAS server to Liferay) to fail. However, > I don't see offhand why that would fail intermittently. > > I got no silver bullet for you. Cranked up logs and painstaking review of to > dig into the characteristics of the moment of failure. :) > > Andrew > > > > On Feb 7, 2012, at 7:54 AM, Fernando Correa wrote: > > > Hi everyone. > > > > I'm using CAS (3.3.5 for server, 3.1.10 for client) in Liferay. The portal > > generates proxy tickets for satellite applications. With the first login, > > the proxy tickets are well generated. After a logout and a new login, the > > PGT is not generated (I put it in console, and it's null). > > > > Where could I see what is happening? > > > > Thanks in advance! > > -- > > You are currently subscribed to [email protected] as: > > [email protected] > > To unsubscribe, change settings or access archives, see > > http://www.ja-sig.org/wiki/display/JSG/cas-user > > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > > > -- > You are currently subscribed to [email protected] as: [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
