Could you use: ssoA.cas.example.comssoB.cas.example.com ?
Subject: RE: Load balancing requirements for clustering CAS 3.0.x+Date: Wed, 8
Aug 2007 07:08:17 -0500From: [EMAIL PROTECTED]: [email protected]
Thanks once again for taking the time to reply Mike and Scott; I
appreciate it!
I believe I’ve figured out the answer to my issue and will see
about updating the Clustering CAS documentation once I have confirmed it here.
As I mentioned below, I was concerned about the TGT cookie set in the
user’s browser as it is set to domain of the CAS server by default
(ssoA.example.com)
and how this wouldn't be visible to the other servers (ssoB.example.com,
ssoB.example.com, etc). After reviewing the documentation on the
org.springframework.web.util.CookieGenerator,
I realized I could explicitly set the domain to a higher level so all of the
servers can see the cookie. I can confirm that making the CASTGC
available to the highest domain (e.g. example.com) will make it work, however I
would like to keep that cookie only visible to CAS.
What other options are available other than making the TGT cookie
visible to the highest domain (e.g example.com)?
Thanks,
Andrew R Feller, Analyst
Subversion Administrator
University Information Systems
Louisiana
State University
[EMAIL PROTECTED]
(office) 225.578.3737
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Behalf Of Mike Kennedy
Sent: Tuesday, August 07, 2007 4:00 PM
To: Yale CAS mailing list
Subject: RE: Load balancing requirements for clustering CAS 3.0.x+
Andrew,
In our setup we use JBoss which uses Tomcat 5.5 as its embedded servlet
container. I don't use an Apache/AJP front end at all.
I set up a virtual host on each of the nodes of the cluster that
corresponds to the hostname associated with the ip on the frontend load
balancer.
In JBoss I added a jboss-web.xml file to the WEB-INF directory of the
cas web application that specifies which virtual host to deploy into.
With a standalone Tomcat installation like you want you can specify a
directory as part of of the <Host></Host> virtual host
definition in
server.xml and deploy cas.war there.
Once that was set up I simply followed the instructions in this
document
to finish the installation:
http://www.ja-sig.org/wiki/display/CASUM/Clustering+CAS
In this document there are three important things that need to be done:
guarantee ticket uniqueness, tomcat session replication and cas ticket
cache replication.
With my clustered JBoss setup I got tomcat session replication straight
out of the box with JBossCache/JGroups. So all I needed to worry about
were the spring bean configuration changes for ticket uniqueness and
CAS
ticket replication backed by the JBossCache.
Mike
On Tue, 2007-08-07 at 13:00 -0500, Andrew R Feller wrote:
> Thanks for the response Mike!
>
> My main concern stems from the issue with the cookies created by
the CAS
> servers. They appear to be set for the domain of the server
that issued
> it (e.g. casA.example.com, casB.example.com, etc), which won't be
> available to the other servers in the cluster.
>
> How are the CAS servers in your cluster set up? I take it
you have a
> single URL, which directs requests to a server. What
additional steps
> must be done to configure Apache/Tomcat/CAS for load balancing
outside
> of a normal CAS deployment?
>
> Thanks,
>
> Andrew R Feller, Analyst
> Subversion Administrator
> University Information Systems
> Louisiana
State University
> [EMAIL PROTECTED]
> (office) 225.578.3737
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
> On Behalf Of Mike Kennedy
> Sent: Tuesday, August 07, 2007 11:33 AM
> To: Yale CAS mailing list
> Subject: Re: Load balancing requirements for clustering CAS 3.0.x+
>
> At our site we have CAS clustering working with an F5 load
balancer
> using sticky sessions. However, if the load balancer detects that
a node
> fails it migrates those sessions to another node where the Tomcat
> session and ticket cache have already been replicated.
>
> In other words, we use sticky sessions and have uninterrupted
service
> within the cluster.
>
> On Tue, 2007-08-07 at 11:05 -0500, Andrew R Feller wrote:
> > Q: Are there any load balancing requirements for clustering
CAS 3
> > server?
> >
> >
> >
> > While following the Clustering CAS walkthrough in the CAS
wiki, I
> > notice it didn't go in-depth about what options are
available. Aside
> > from using sticky sessions to redirect the user back to the
CAS server
> > they were authenticated against, what other options are
available? I
> > would prefer not to use sticky sessions as we want
uninterrupted
> > service within the cluster.
> >
> >
> >
> > Thanks,
> >
> >
> >
> > Andrew R Feller, Analyst
> >
> > Subversion Administrator
> >
> > University Information Systems
> >
> > Louisiana
State University
> >
> > [EMAIL PROTECTED]
> >
> > (office) 225.578.3737
> >
> >
> >
> >
> > _______________________________________________
> > Yale CAS mailing list
> > [email protected]
> > http://tp.its.yale.edu/mailman/listinfo/cas
--
Mike Kennedy
Lead Technologist for Research Computing
Infrastructure and Security Group
[EMAIL PROTECTED]
951.827.4875
_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas
_________________________________________________________________
The next generation of MSN Hotmail has arrived - Windows Live Hotmail
http://www.newhotmail.co.uk
_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas
