Well, I tried this. Here is the relevant part of my TicketRegistry.xml now:
<bean id="serviceTicketsCache"
class="org.springframework.cache.ehcache.EhCacheFactoryBean"
parent="abstractTicketCache"
p:cacheName="cas_st"
p:timeToIdle="11"
p:timeToLive="30"
p:cacheEventListeners-ref="ticketRMISynchronousCacheReplicator" />
<bean id="ticketGrantingTicketsCache"
class="org.springframework.cache.ehcache.EhCacheFactoryBean"
parent="abstractTicketCache"
p:cacheName="cas_tgt"
p:timeToIdle="7201"
p:timeToLive="28801"
p:cacheEventListeners-ref="ticketRMISynchronousCacheReplicator" />
It still is not working. In fact, I've discovered that if I shut down one of
the nodes I can't even log in to a CASified app under a completely new session.
If one node is down, the entire CAS cluster is down. It is apparently expiring
the service tickets within milliseconds after they are granted, and I don't
know why. Here is a log entry:
2013-09-11 13:29:45,806 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] -
Granted service ticket [ST-5-fNfcto5fHfqUBpnwveGe-cas3.yc.edu] for service
[https://cas.yc.edu/services/j_acegi_cas_security_check] for user [mstlaure]
2013-09-11 13:29:45,806 INFO
[com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail
record BEGIN
=============================================================
WHO: mstlaure
WHAT: ST-5-fNfcto5fHfqUBpnwveGe-cas3.yc.edu for
https://cas.yc.edu/services/j_acegi_cas_security_check
ACTION: SERVICE_TICKET_CREATED
APPLICATION: CAS
WHEN: Wed Sep 11 13:29:45 MST 2013
CLIENT IP ADDRESS: 198.60.125.12
SERVER IP ADDRESS: 198.60.125.94
=============================================================
2013-09-11 13:29:45,822 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] -
ServiceTicket [ST-5-fNfcto5fHfqUBpnwveGe-cas3.yc.edu] has expired.
Thanks,
----------------------------------
Mark St. Laurent
Web Systems Administrator
Yavapai College
(928) 717-7654
http://www.yc.edu
-----Original Message-----
From: Tom Poage [mailto:[email protected]]
Sent: Wednesday, September 11, 2013 10:24 AM
To: [email protected]
Subject: Re: [cas-user] EhCache High Availability
On Sep 11, 2013, at 9:24 AM, "St Laurent, Mark" <[email protected]> wrote:
> So, I have been trying to implement Ehcache on our CAS cluster, and it is
> mostly working. It caches tickets, and the two nodes are replicating and
> validating each other's tickets. But it still has an issue with availability.
> Here is what is happening:
>
> 1. I open a session with a browser and authenticate with a CASified
> application,
> 2. I disconnect one of the CAS servers in the cluster to simulate a
> failure,
> 3. When I try to connect to another CASified application, it requires
> me to reauthenticate. If I look in the logs there is a single entry that says
> SERVICE_TICKET_NOT_CREATED.
>
> How do I get the cluster to continue validating service tickets after a node
> has failed?
Two possibilities come to mind offhand:
1. In the original Ehcache example TGTs were not being replicated due to a
missing bean directive. Ensure the TGT bean is inheriting from the abstract
ticket cache:
<bean id="ticketGrantingTicketsCache"
class="org.springframework.cache.ehcache.EhCacheFactoryBean"
parent="abstractTicketCache">
2. The TGT cache does not by default replicate synchronously. Depending on the
timing of your simulated failure, the client TGT may not have replicated to its
peer node(s).
Tom.
--
You are currently subscribed to [email protected] as:
[email protected] To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
--
You are currently subscribed to [email protected] as:
[email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
