Hi,

You're right, if your datastore is already resilient, you just need to
integrate your second CAS server with your datastore.
That said, you need session affinity during the login process: the server
that sends the login page must be the same one that receives the
credentials filled in the login form. Otherwise, the authentication will
fail.

About security, the communication between your CAS servers and your
datastore must be secure as the TGTs and STs associated with the user
identities will be conveyed between both systems. For example, the network
traffic between your CAS servers and your datastore should never go through
the internet. Both systems should be in the same DMZ or secured network. This
is something you need to talk about with your ops team.

Best regards,
Jérôme



2013/7/31 Whittaker, Geoffrey <[email protected]>

> I have recently managed to get my test CAS server to use our MSSQL server
> for the JPA ticket registry backend using the instructions found here:
> https://wiki.jasig.org/display/CASUM/JpaTicketRegistry and here:
> https://lists.wisc.edu/read/archive?id=13452694 and some tweaks that I
> learned along the way.
>
> I have read through https://wiki.jasig.org/display/CASUM/Clustering+CAS and I
> have a couple of questions.
>
> Since we have a clustered SQL setup, I shouldn’t need to replicate tickets
> between two data stores as our SQL infrastructure is already fault
> tolerant.  Given that, it seems the only thing I’d need to do at this point
> is configure my other test server to work with the same data store and then
> configure Tomcat session replication.  Is that correct or am I missing
> something?
>
> Are there any security issues I need to watch out for such as unencrypted
> traffic between the servers?
>
> Any help would be much appreciated.
>
> Thanks,
>
> Geoff
>
>
> --
> You are currently subscribed to [email protected] as: [email protected]
> To unsubscribe, change settings or access archives, see 
> http://www.ja-sig.org/wiki/display/JSG/cas-user
>
>
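
A simplified model of the session-affinity point in the reply above, added here as an example and not taken from CAS or from either poster. All class and function names are hypothetical, and it assumes login-form state lives only in the memory of the node that rendered the form while tickets go to the shared datastore; `login(sticky)` returns the user each node resolves for the new TGT, or `None` if the login failed.

```python
import itertools
import secrets

class CasNode:
    """Hypothetical CAS node: form state is local, tickets live in the shared registry."""
    def __init__(self, registry):
        self.pending_forms = set()  # assumption: login-form state is not replicated
        self.registry = registry    # shared datastore (e.g. the JPA ticket registry)

    def get_login_page(self):
        token = secrets.token_hex(8)
        self.pending_forms.add(token)
        return token

    def post_credentials(self, token, user, password):
        if token not in self.pending_forms:
            return None             # form was issued by the other node
        self.pending_forms.discard(token)
        if password != "constructed-password":  # stand-in for real authentication
            return None
        tgt = "TGT-" + secrets.token_hex(8)
        self.registry[tgt] = user
        return tgt

class LoadBalancer:
    def __init__(self, nodes, sticky):
        self.sticky = sticky
        self.round_robin = itertools.cycle(nodes)
        self.affinity = {}          # client id -> pinned node

    def route(self, client):
        if not self.sticky:
            return next(self.round_robin)
        if client not in self.affinity:
            self.affinity[client] = next(self.round_robin)
        return self.affinity[client]

def login(sticky):
    registry = {}
    nodes = [CasNode(registry), CasNode(registry)]
    lb = LoadBalancer(nodes, sticky)
    token = lb.route("browser-1").get_login_page()
    tgt = lb.route("browser-1").post_credentials(token, "geoff", "constructed-password")
    if tgt is None:
        return None
    # Once issued, the TGT is visible to every node through the shared registry.
    return [node.registry.get(tgt) for node in nodes]

if __name__ == "__main__":
    print("round robin:", login(sticky=False), "sticky:", login(sticky=True))
```

Without affinity the form POST lands on the node that never issued the form and the login fails; with affinity the login succeeds and both nodes resolve the same TGT from the shared registry.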
