We have two CAS servers behind a load balancer (Cisco ACE) with EHCache implemented so Service tickets, etc. are available to both servers. For the client sessions coming in through the load balancer we use sticky selection of the back end server. But, when the application servers contact CAS to validate the ticket we do not have the connection sticky since it would do no good. The server is attempting to validate a ticket created by the client session so stickiness does nothing to direct the server connection to the "correct" CAS server.
With one particular app (Peoplesoft) I see the ST created on our CAS node #2 and in the same second it is validated by the PS server. A second later the PS server tries to validate the ticket again and this time the load balancer sends it to our CAS node #1 which logs "ServiceTicket [ST... does not exist". I presume it is simply a matter that EHCache has not sent that particular ST yet so is really an issue of timing. I could make it sticky but that will not resolve the problem. Then if the PS server gets sent to the not yet aware of the ST CAS server it will just fail validation twice. That would make it a 50/50 chance that with both validations would succeed or both would fail. How are others dealing with this timing issue? Any suggestions how we can prevent the validation failures? I would presume that we could tweak EHCache to sync more quickly but at a cost in performance. How do we determine an appropriate balance of EHCache timing with ticket validation timing (if that is even the best way to address this)? Appreciate any help on this one? Ted F. Fisher Server Administrator 323 Hayes Hall Information Technology Services Email: [email protected]<mailto:[email protected]> Phone: 419.372.1626 [cid:[email protected]] -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
<<inline: Picture (Device Independent Bitmap) 1.jpg>>
