Thanks once again for taking the time to reply Mike and Scott; I appreciate it!
I believe I've figured out the answer to my issue and will see about updating the Clustering CAS documentation once I have confirmed it here. As I mentioned below, I was concerned about the TGT cookie set in the user's browser as it is set to domain of the CAS server by default (ssoA.example.com) and how this wouldn't be visible to the other servers (ssoB.example.com, ssoB.example.com, etc). After reviewing the documentation on the org.springframework.web.util.CookieGenerator <http://www.springframework.org/docs/api/org/springframework/web/util/Co okieGenerator.html> , I realized I could explicitly set the domain to a higher level so all of the servers can see the cookie. I can confirm that making the CASTGC available to the highest domain (e.g. example.com) will make it work, however I would like to keep that cookie only visible to CAS. What other options are available other than making the TGT cookie visible to the highest domain (e.g example.com)? Thanks, Andrew R Feller, Analyst Subversion Administrator University Information Systems Louisiana State University [EMAIL PROTECTED] (office) 225.578.3737 -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mike Kennedy Sent: Tuesday, August 07, 2007 4:00 PM To: Yale CAS mailing list Subject: RE: Load balancing requirements for clustering CAS 3.0.x+ Andrew, In our setup we use JBoss which uses Tomcat 5.5 as its embedded servlet container. I don't use an Apache/AJP front end at all. I set up a virtual host on each of the nodes of the cluster that corresponds to the hostname associated with the ip on the frontend load balancer. In JBoss I added a jboss-web.xml file to the WEB-INF directory of the cas web application that specifies which virtual host to deploy into. With a standalone Tomcat installation like you want you can specify a directory as part of of the <Host></Host> virtual host definition in server.xml and deploy cas.war there. Once that was set up I simply followed the instructions in this document to finish the installation: http://www.ja-sig.org/wiki/display/CASUM/Clustering+CAS In this document there are three important things that need to be done: guarantee ticket uniqueness, tomcat session replication and cas ticket cache replication. With my clustered JBoss setup I got tomcat session replication straight out of the box with JBossCache/JGroups. So all I needed to worry about were the spring bean configuration changes for ticket uniqueness and CAS ticket replication backed by the JBossCache. Mike On Tue, 2007-08-07 at 13:00 -0500, Andrew R Feller wrote: > Thanks for the response Mike! > > My main concern stems from the issue with the cookies created by the CAS > servers. They appear to be set for the domain of the server that issued > it (e.g. casA.example.com, casB.example.com, etc), which won't be > available to the other servers in the cluster. > > How are the CAS servers in your cluster set up? I take it you have a > single URL, which directs requests to a server. What additional steps > must be done to configure Apache/Tomcat/CAS for load balancing outside > of a normal CAS deployment? > > Thanks, > > Andrew R Feller, Analyst > Subversion Administrator > University Information Systems > Louisiana State University > [EMAIL PROTECTED] > (office) 225.578.3737 > > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > On Behalf Of Mike Kennedy > Sent: Tuesday, August 07, 2007 11:33 AM > To: Yale CAS mailing list > Subject: Re: Load balancing requirements for clustering CAS 3.0.x+ > > At our site we have CAS clustering working with an F5 load balancer > using sticky sessions. However, if the load balancer detects that a node > fails it migrates those sessions to another node where the Tomcat > session and ticket cache have already been replicated. > > In other words, we use sticky sessions and have uninterrupted service > within the cluster. > > On Tue, 2007-08-07 at 11:05 -0500, Andrew R Feller wrote: > > Q: Are there any load balancing requirements for clustering CAS 3 > > server? > > > > > > > > While following the Clustering CAS walkthrough in the CAS wiki, I > > notice it didn't go in-depth about what options are available. Aside > > from using sticky sessions to redirect the user back to the CAS server > > they were authenticated against, what other options are available? I > > would prefer not to use sticky sessions as we want uninterrupted > > service within the cluster. > > > > > > > > Thanks, > > > > > > > > Andrew R Feller, Analyst > > > > Subversion Administrator > > > > University Information Systems > > > > Louisiana State University > > > > [EMAIL PROTECTED] > > > > (office) 225.578.3737 > > > > > > > > > > _______________________________________________ > > Yale CAS mailing list > > [email protected] > > http://tp.its.yale.edu/mailman/listinfo/cas -- Mike Kennedy Lead Technologist for Research Computing Infrastructure and Security Group [EMAIL PROTECTED] 951.827.4875 _______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
_______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
