Your CAS client is currently setup in a mode where it needs to be stateful. The proxyTicketManager and serviceTicketManager implementations that ship with the CAS client maintain state in the ASP.NET cache, which isn't web farm/cluster friendly (it lives in memory in each web server). If you don't require proxy ticket supports, single sign-out support, or the ability to revoke outstanding formsAuthentication tickets, you can remove both of those attributes from the casClientConfig attribute in your web.config and your CAS client will be stateless (web farm/cluster friendly). If you do require them, you will need to implement the IProxyTicketManager and IServiceTicketManager interfaces using some kind of back-end storage mechanism that all of your web servers share. I believe you can then replace CacheProxyTicketManager and CacheServiceTicketManager in the web.config with standard the .NET config-style assembly references (ex. Namespace.Type, Assembly, Version=1.0.0, Culture=neutral, PublicKeyToken=etc)
One other thing to be aware of. The .NET CAS Client uses a lot of the FormsAuthentication API for creating and validating tickets/cookies on the clients. The Forms authentication encryption, decryption, and validation is typically performed using the machine key. All of your clustered web servers should be configured to have the same machine key. Otherwise, you'll find that you run into a lot of the same weirdness with Forms Authentication with or without the CAS client involved. -ScottH On Tue, Jun 25, 2013 at 7:21 PM, Faisal Memon <[email protected]> wrote: > Hello, > We have third party .net portal, the portal has been running with CAS > since 2011. Last weekend the portal application database was clustered and > since then we have very unstable SSO in place. Attached is the Error > message we see in Event viewer, anyone had experienced this issue before. > > Thanks > > Faisal > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
