________________________________________ From: Paul B. Henson Sent: Monday, August 05, 2013 8:14 PM To: [email protected] Subject: Re: [cas-user] fault-tolerant/redundant/HA CAS deployment
<snip> Once I get that working, I'm probably also going to try and cluster the underlying tomcat sessions. While a load balancer with sticky session support can work around not replicating that data, if you drop a server all of the people with sessions on that one will have to re-authenticate on the other one. Depending on your requirements that might be fine, but I'd rather avoid it. -- The tomcat session is only used during the initial authentication - it's just there to keep track of where the user is in the webflow during login. Once a user has authenticated and the TGT has been sent, the tomcat session isn't needed. If you lose a server, anyone who is in the process of logging in will see the login screen again, but as long as the ticket registry is replicated, anyone who has a CAS session will be fine. If you decide to use memcached for ticket replication and want to replicate Tomcat sessions, you may want to check out memcached-session-manager (https://code.google.com/p/memcached-session-manager) I haven't used it in production yet, but it's testing well with a few grails applications I'm working with. -- Eric Pierce Identity Management Architect Information Technology University of South Florida (813) 974-8868 -- [email protected] -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
