[cas-user] cas 3.5.1 PGT replication using ehcache replication

Wed, 23 Oct 2013 03:38:12 -0700 

Hi

We are using cas-server-extension-clearpass (using cas proxy tickets) and 
cas-server-integration-ehcache modules together in cas 3.5.1.

Looking at the ticketRegistry.xml file it says

 <bean id="ticketGrantingTicketsCache" 
class="org.springframework.cache.ehcache.EhCacheFactoryBean" >
        <description>
            Ticket Granting Tickets (TGT) are valid for the lifetime of the 
SSO Session.  They become invalid either
            by expiration policy (default 2 hours idle, 8 hours max) or by 
explicit user sign off via /cas/login.
            The TGT cache can be replicated slowly because TGT are only 
manipulated via web user started operations
            (mostly grant service ticket) and thus benefit of web session 
affinity.
        </description>
        
        <property name="cacheName" 
value="org.jasig.cas.ticket.TicketGrantingTicket" />
              
        <property name="cacheEventListeners">
        <ref local="ticketRMIAsynchronousCacheReplicator"/>
        </property>
        
................


Use of TGTs does seem to be tied to web user started operations in a 
browser where you are stuck to one node and so maybe can be replicated 
slowly.
However if you are using PGTs to obtain a PT it seems PGTs go into the same 
cache as TGTs and are replicated slowly as well?

However getting a PT using a PGT can be done in code and so you can't rely 
on hitting the same node which means you can fall foul of the slower 
replication of PGTs if:

You get the PGT from node 1
Form a request in code using this PGT that goes to node 2 to obtain your PT.

Are the use of both cas-server-extension-clearpass (using cas proxy 
tickets) and cas-server-integration-ehcache modules together not supported 
of do I simply need to tune my ticketRMIAsynchronousCacheReplicator?

The code in 
cas-server-3.5.1/cas-server-integration-ehcache/src/main/java/org/jasig/cas/ticket/registry/EhCacheTicketRegistry.java
says 


public void addTicket(final Ticket ticket) {
        final Element element = new Element(ticket.getId(), ticket);
        if (ticket instanceof ServiceTicket) {
            log.debug("Adding service ticket {} to the cache", 
ticket.getId(), this.serviceTicketsCache.getName());
            this.serviceTicketsCache.put(element);
        } else if (ticket instanceof TicketGrantingTicket) {
            log.debug("Adding ticket granting ticket {} to the cache {}", 
ticket.getId(), this.ticketGrantingTicketsCache.getName());
            this.ticketGrantingTicketsCache.put(element);
        } else {
            throw new IllegalArgumentException("Invalid ticket type " + 
ticket);
        }
    }

So doesn't seem to distinguish between TGTs and PGTs

Any advice or recommendation to open a JIRA appreciated

Thanks


-- 
You are currently subscribed to [email protected] as: 
[email protected]
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

Reply via email to