I see the ST created on our CAS node #2, and in the same second it is validated by the PS server. A second later the PS server tries to validate the ticket again, and this time the load balancer sends it to our CAS node #1, which logs “ServiceTicket [ST… does not exist”. I presume it is simply a matter that EHCache has not sent that particular ST yet, so it is really an issue of timing.
Sounds right. I would investigate whether Ehcache has an option to enable synchronous replication such that the call to write a cache entry doesn't return until the entry replicates to all nodes. That would guarantee that the entry is visible to all CAS nodes prior to client validation attempts.
I can imagine other solutions, but none that avoids a race condition entirely; you'll simply improve your odds. But that may be sufficient in practice.
M
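An added example, not part of the thread above: Ehcache's RMI replicator accepts `replicateAsynchronously=false`, which makes the put deliver the entry to peers before it returns. The cache name, host names, ports and TTL below are assumptions for a two-node setup, shown as node #1's `ehcache.xml`.

```xml
<!-- Added example; cache name, hosts, ports and TTL are constructed placeholders. -->
<ehcache>
  <!-- Manual peer list: this node (node #1) replicates to node #2. -->
  <cacheManagerPeerProviderFactory
      class="net.sf.ehcache.distribution.RMICacheManagerPeerProviderFactory"
      properties="peerDiscovery=manual,
                  rmiUrls=//cas-node-2.example.org:41001/serviceTicketsCache"/>

  <!-- Listener that receives replicated entries from the other node. -->
  <cacheManagerPeerListenerFactory
      class="net.sf.ehcache.distribution.RMICacheManagerPeerListenerFactory"
      properties="hostName=cas-node-1.example.org, port=41001,
                  socketTimeoutMillis=2000"/>

  <!-- Hypothetical cache holding service tickets (ST). -->
  <cache name="serviceTicketsCache"
         maxElementsInMemory="10000"
         eternal="false"
         timeToIdleSeconds="0"
         timeToLiveSeconds="300"
         overflowToDisk="false">
    <!--
      replicateAsynchronously=false : put() sends the entry to peers in the
                                      calling thread instead of queueing it.
      replicatePutsViaCopy=true     : ship the ticket itself; with false a put
                                      only invalidates the key on the peer.
      replicateRemovals=true        : a ticket removed on one node is removed
                                      on the other as well.
    -->
    <cacheEventListenerFactory
        class="net.sf.ehcache.distribution.RMICacheReplicatorFactory"
        properties="replicateAsynchronously=false,
                    replicatePuts=true,
                    replicatePutsViaCopy=true,
                    replicateUpdates=true,
                    replicateUpdatesViaCopy=true,
                    replicateRemovals=true"/>
  </cache>
</ehcache>
```

Because delivery happens in the calling thread, a slow or unreachable peer adds latency to ticket creation, so the socket timeout is worth tuning alongside this setting.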
