Hi All,

I have implemented two CAS 3.4.12 servers with JDBC support and JPA ticket registration. It worked great until I added a load balancer that redirects traffic to one of the available CAS servers (based on port availability - round robin session redirection). Actually, it is Amazon Web Services' load balancer, AKA Elastic Load Balancer. It listens on port 8443 and forwards to the same port (8443) on one of the available CAS servers.

The CAS login page appears, and when I try to log in it just reloads the CAS login screen again, without mentioning any problems. It repeats itself for a few login tries, and after a few attempts I get the following notification from my browser:
---
Authorization Required

This server could not verify that you are authorized to access the document requested. Either you supplied the wrong credentials (e.g., bad password), or your browser doesn't understand how to supply the credentials required.

------------------------------
Apache/2.2.16 (Ubuntu) Server at x.x.x.x..x.x.compute-1.amazonaws.com Port 80
---

*Cas.log shows:*

2012-06-12 10:11:22,848 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - ServiceTicket [ST-1-SCiu0IAOcYwAcMd3ElRi-ec2-xx-xx-xxx-xxx.compute-1.amazonaws.com] has expired.
2012-06-12 10:11:22,851 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail record BEGIN
=============================================================
*WHO: audit:unknown*
WHAT: ST-1-SCiu0IAOcYwAcMd3ElRi-ec2-xx-xx-xxx-xxx.compute-1.amazonaws.com
ACTION: SERVICE_TICKET_VALIDATE_FAILED
APPLICATION: CAS
WHEN: Tue Jun 12 10:11:22 UTC 2012
CLIENT IP ADDRESS: 10.210.218.98
SERVER IP ADDRESS: 10.211.173.168
=============================================================

So I guess it acts that way because it can't recognize the user that is attempting to log in, because normally it should write:

WHO: [username: ronen]

Does anyone have an idea of why this can happen while accessing CAS through a load balancer?

If I access both CAS servers directly and try to simply authenticate, it works great!! Only when accessing CAS through the load balancer does it happen occasionally. (It does work sometimes, which means that the SSL certificate of CAS's Tomcat machine was successfully imported to the load balancer and the basic configurations are fine.)

Thanks!!

--
Ronen Itkin
Taykey | www.taykey.com
