Good to know. Can I ask what's the configuration you're using? .- Persistence method on the F5 .- CAS ticket store configuration: a single one behind your three CAS servers? Each CAS server has their own? .- CAS ticket store implementation you're using?
Thanks a lot! javier On Mon, 2012-07-09 at 17:02 -0400, Srinivas Varadaraj wrote: > We do, a 3 node CAS cluster behind F5 loadbalancer(s) on multiple > sites with SSL offloaded. > > -sri > > > > ______________________________________________________________________ > > Thank you. > Srinivas Varadaraj > Email: [email protected] > > > > > > > ______________________________________________________________________ > > From: "Javier Fradiletti (Contractor)" <[email protected]> > To: [email protected] > Sent: Friday, July 6, 2012 8:21:43 AM > Subject: RE: [cas-user] reverse proxy & load balancing behind > Apache > > > > Anyone have used Cisco SLB or F5 LB for load balancing? > > > -----Original Message----- > From: b savage [mailto:[email protected]] > Sent: Fri 7/6/2012 8:03 AM > To: [email protected] > Subject: Re: [cas-user] reverse proxy & load balancing behind > Apache > > On Fri, Jul 6, 2012 at 6:49 AM, Frank Van Damme > <[email protected]>wrote: > > > 2012/7/5 Philippe MARASSE <[email protected]>: > > > Member ;-), > > > > > > As far as I remember, clustering is not so easy. I've set > up a few years > > ago > > > a clustered CAS involving a few more steps : > > > 1 - Clustering tomcat (on-line documentation at apache > site is good > > > enough) > > > 2 - Make CAS redistributable in web.xml > > > 3 - Share the tickets registries (JPATicketRegistry if > I'm not > > mistaken) > > > 4 - Use sticky sessions in the balancer > > > > > > Rdgs > > > > It looks like mod_balancer does send the same client more or > less to > > the same backend. > > So far I got session replication more or less working (the > cas > > clustering wiki page says nothing about authentication so > I'm also > > somewhat worried about session hijacking through the > multicast > > packages that Tomcat sends - after all, everyone can capture > those > > packages and it looks like any server can announce himself > as a > > cluster member). > > > > I found a slideshow presentation somewhere that says you don't > > actually need session replication because it is only used > for storing > > the "webflow state", and recommands adding > > repository-type="client" > > to > > <flow:executor id="flowExecutor" > registry-ref="flowRegistry" > > > > > ... unfortunately I can't test if that works because it is > based on an > > older Spring version and I can't find the equivalent in > newer versions > > - that is, if it hasn't just been made obsolete at all. > > > > > Good points. They are highlighted in the warning areas on the > clustering > page. > > > > Many thanks for the advice and pointers, > > > > -- > > Frank Van Damme > > No part of this copyright message may be reproduced, read or > seen, > > dead or alive or by any means, including but not limited to > telepathy > > without the benevolence of the author. > > > > -- > > You are currently subscribed to [email protected] as: > > [email protected] > > To unsubscribe, change settings or access archives, see > > http://www.ja-sig.org/wiki/display/JSG/cas-user > > > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > > > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > > > > > > > > CONFIDENTIALITY: Any information contained in this e-mail > (including attachments) is the property of The State of Texas and > unauthorized disclosure or use is prohibited. Sending, receiving or > forwarding of confidential, proprietary and privileged information is > prohibited under Lamar Policy. If you received this e-mail in error, > please notify the sender and delete this e-mail from your system. > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
