Hello, There are two things you must consider. JSESSION replication, and Ticket Registry Replication.
If you have session-affinity configured you don't need to worry about the first. (It also makes for very chatty application-servers if you do). You have to make sure though that your entire cluster is able to access the tickets present in the ticket registry. If a user logs in, and a TGT and ST are created, the tickets must be available to all CAS servers in the cluster in case the application tries to validate it via any of the peers. I prefer to have active-passive configuration of the CAS-servers, so that all login procedures can be found in a single log-file. (If you don't have a proper SIEM or Log-Analyser available in your infrastructure that is) Cheers, Stephan On 07/14/15 11:29 AM, Damiano Biagioli <[email protected]> wrote: > > > > > > > > Hello everyone , > > We are using the CAS software from about one month , but until now we have > never used a Clustered CAS . > We have deployed the CAS on two nodes that have a load balancer in front of > them , let's call them N1 and N2. > > on both nodes there are some CASified applications App1 , App2,etc ... the > two nodes N1 and N2 are not part of a cluster and we Use JBoss EAP 6.3.0 as a > server. > That is, on N1 a, CAS webapp, App1 and App2 are deployed , and , on node N2 , > there's another instance of a CAS webapp,another instance of a App1 and > another instance > > of App2. > > However , because the hardware load balancer provides session affinity for > both nodes , things work for now. > > But > now we have to CASify another webapp (App3 ) that is deployed on another > server (let's call it N3) and things have become a little bit complicated . > We came across the problem > > described in > http://jasig.github.io/cas/4.0.x/planning/High-Availability-Guide.html , that > is , "Since both requests flow through the load balancer from different > > source addresses, it is not possible to guarantee that both requests are > serviced by the same CAS node" (quote from that page) . > So I think that we need to have a clustered CAS . > > I've read the following links, > > http://jasig.github.io/cas/4.0.x/installation/JPA-Ticket-Registry.html > > http://jasig.github.io/cas/4.0.x/planning/High-Availability-Guide.html > > https://wiki.jasig.org/display/CASUM/Clustering+CAS > > and i have some questions > 1) have i missed some important docs i should read ? For example is there a > guide on how to create a CAS CLuster using jboss EAP 6.3 ? > > 2) Do we need to have session replication ? is there a guide on how to do it > with jboss ? (official CAS guide describes how to do session replication with > tomcat ) > 3) I see that we need to have a shared ticket registry in order to have a > clustered CAS . Do we have to use jboss cache ? i think that project is now > in maintenance mode ... is there some shared ticket registry that can use the > infinispan cache ,by chance ? > 4) For the shared ticket registry, do you recommend to use the > jpaTicketRegistry ? are there any more docs on it ? > > Thanks for any help , > Sorry for my poor english, > Damiano > > > -- You are currently subscribed to [email protected] as: > [email protected] unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > > > -- HE Space Operations B.V. for ESA - European Space Agency Stephan Arts Senior UNIX Engineer Research & Scientific Support Department Science & Robotic Exploration Directorate (SRE) ESTEC Keplerlaan 1, PO Box 299 NL-2200 AG Noordwijk, The Netherlands [email protected] | www.esa.int T +31 71 565 6832 | F +31 71 565 4690 -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
