Hi,

I agree with Jérôme, the simplest and most robust solution is to have 2 (or in our case 4) CAS servers running in a cluster with a multi-master LDAP backend. Put a load-balancer in front of your CAS servers and you're done.

Okay, on second thought... Maybe not the simplest, but it is very reliable.

Regards,
Stephan

On 06/02/15 08:04, Jérôme LELEU wrote:
> Hi,
>
> I would not recommend to implement such a fallback mechanism on client
> side: it would be pretty complicated and you would lose all the
> benefits of a centralized authentication server (security, one link to
> the authentication source).
>
> Why not a failover with two CAS servers? It can be achieved pretty
> easily with a Virtual IP (http://linux-ha.org/wiki/Main_Page). In all
> cases, you must be careful of your SPOF (Single Point Of Failure): is
> your LDAP resilient?
>
> Best regards,
>
> Jérôme LELEU
> Founder of CAS in the cloud: www.casinthecloud.com <http://www.casinthecloud.com> | Twitter: @leleuj
> Chairman of CAS: www.jasig.org/cas <http://www.jasig.org/cas> | Creator of pac4j: www.pac4j.org <http://www.pac4j.org>
>
> 2015-02-06 6:28 GMT+01:00 Prasad Katti <[email protected]>:
>
> > Hi All,
> >
> > We are using CAS authentication to implement an SSO model. We are
> > using JSR 196 for extending the JAAS authorization. As
> > part of this we are also implementing a fallback mechanism in
> > situations where CAS is not available. In situations where CAS is
> > not available, we want to present a custom login form and
> > authenticate the user against a pre-defined LDAP realm.
> >
> > Here's where we are having a problem. When the application
> > redirects to the CAS application login, if CAS is not available, how
> > to capture the same on redirection failure? One option is to check
> > the connectivity by sending an HTTP Connect method to the server.
> > We can then use the HTTP status code to determine if we have to
> > invoke the fallback strategy. Is there a built-in way in CAS that
> > will accomplish the same? I am just trying to weigh different options.
