Prior to having the environment on the F5 we had the users test against the
servers individually and there was no problem but then again the issue does not
always happen. I have tried to reproduce the issue myself but have not been
able to. So we didn't see the problem until we had more users accessing the
system once it was on the F5. Our previous CAS environment 3.4.7 is running on
a Cisco Ace if I'm not mistaken and there were no problems there. We have
sticky sessions enabled based on the ip address.
___________________
Juan Quintanilla
[email protected]<mailto:[email protected]>
________________________________
From: Michael O Holstein <[email protected]>
Sent: Thursday, July 30, 2015 11:00 AM
To: [email protected]
Subject: Re: [cas-user] CAS Intermittent login issue
I've noticed this as well, but if you use Chrome/Firefox in debug mode you'll
see the JSESSION ID as a cookie in either case so I don't think that matters.
Even though you've only got one app server I'd bet the F5 has stickyness
configured (and you will need it) but how exactly it's being done might be
screwing with your app. Have you tried setting up something simple like
cas-sample-java-webapp against the inside address (bypass the F5) and see if
the problem still exists?
We ended up forgoing a Cisco ACE in favor of two Nginx boxes and HAProxy/VRRP
as well as load balancing out the back .. for pretty much the same reasons ..
plus it's much easier to troubleshoot when you have control over the whole path.
Michael Holstein
Cleveland State University
________________________________
From: Christopher Myers <[email protected]>
Sent: Thursday, July 30, 2015 10:38 AM
To: [email protected]
Subject: Re: [cas-user] CAS Intermittent login issue
One thing to check - does the CASified application have the correct IP address
for the CAS server? We had something similar happen when we put our CAS
environment behind our Barracuda, and one of our hosted third-party
applications still had the old DNS entry cached.
Chris
>>> Juan Quintanilla <[email protected]> 07/30/15 9:29 AM >>>
Hi,
We are implementing CAS 3.6.0 using ldap authentication, with oracle for the
ticket registry, and tomcat 8. We have the environment running on an F5 load
balancer but currently with only one web server in the loop. I just wanted to
ask if any have encountered intermittent issues with logging into an
application using CAS.
What I'm encountering is a user hits the cas login page after being redirected
by the client application but after they enter their credentials they are
redirected to the login page with the login information cleared. If they try
again logging again the process just repeats, if they enter bad credentials no
error message is displayed on the screen or even in the logs. If the user
closes their browser and clears their cache they are able to login.
In the Tomcat access logs we notice that there is a post during that
transaction but we didn't see a jessionid in the url string associated with the
post. We are removing ldap pooling and extending the cas session timeout in
the web.xml to see if maybe their session is expiring. It does not happen all
the time its sporadic so it makes it difficult to troubleshoot. We have talked
to our networking team but they don't seem to see any problems on their side,
they have just extended the session timeout. Our last resort would be to take
the environment off the F5 and see if that helps or place the old environment
on the F5 to see if the problem persists on that environment then we can narrow
it down the issue being on the F5 load balancer. Since the problem does not
always happen we having a hard time determining whether the problem is with the
load balancer or some configuration on the CAS/Tomcat side.
Has anyone encountered something similar, any suggestions will really help.
___________________
Juan Quintanilla
[email protected]<mailto:[email protected]>
--
You are currently subscribed to [email protected] as:
[email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
--
You are currently subscribed to [email protected] as:
[email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
--
You are currently subscribed to [email protected] as: [email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
--
You are currently subscribed to [email protected] as:
[email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
