Another thing, if you keep /cas in you cookiePath : the CASTGC should only be send by you browser for matching url : - https://*.cas.example.com/cas/* - https://*.example.com/cas/* depending of your final architecture.
Regards, -Arnaud On 8/8/07, Matt Turner <[EMAIL PROTECTED]> wrote: > > Could you use: > > ssoA.cas.example.com > ssoB.cas.example.com ? > > > > > > ------------------------------ > Subject: RE: Load balancing requirements for clustering CAS 3.0.x+ > Date: Wed, 8 Aug 2007 07:08:17 -0500 > From: [EMAIL PROTECTED] > To: [email protected] > > Thanks once again for taking the time to reply Mike and Scott; I > appreciate it! > > > > I believe I've figured out the answer to my issue and will see about > updating the Clustering CAS documentation once I have confirmed it here. > > > > As I mentioned below, I was concerned about the TGT cookie set in the > user's browser as it is set to domain of the CAS server by default ( > ssoA.example.com) and how this wouldn't be visible to the other servers ( > ssoB.example.com, ssoB.example.com, etc). After reviewing the > documentation on the > org.springframework.web.util.CookieGenerator<http://www.springframework.org/docs/api/org/springframework/web/util/CookieGenerator.html>, > I realized I could explicitly set the domain to a higher level so all of the > servers can see the cookie. I can confirm that making the CASTGC available > to the highest domain (e.g. example.com) will make it work, however I > would like to keep that cookie only visible to CAS. > > > > What other options are available other than making the TGT cookie visible > to the highest domain (e.g example.com)? > > > > Thanks, > > > > Andrew R Feller, Analyst > > Subversion Administrator > > University Information Systems > > Louisiana State University > > [EMAIL PROTECTED] > > (office) 225.578.3737 > > > > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On > Behalf Of Mike Kennedy > Sent: Tuesday, August 07, 2007 4:00 PM > To: Yale CAS mailing list > Subject: RE: Load balancing requirements for clustering CAS 3.0.x+ > > > > Andrew, > > > > In our setup we use JBoss which uses Tomcat 5.5 as its embedded servlet > > container. I don't use an Apache/AJP front end at all. > > > > I set up a virtual host on each of the nodes of the cluster that > > corresponds to the hostname associated with the ip on the frontend load > > balancer. > > > > In JBoss I added a jboss-web.xml file to the WEB-INF directory of the > > cas web application that specifies which virtual host to deploy into. > > With a standalone Tomcat installation like you want you can specify a > > directory as part of of the <Host></Host> virtual host definition in > > server.xml and deploy cas.war there. > > > > Once that was set up I simply followed the instructions in this document > > to finish the installation: > > > > http://www.ja-sig.org/wiki/display/CASUM/Clustering+CAS > > > > In this document there are three important things that need to be done: > > guarantee ticket uniqueness, tomcat session replication and cas ticket > > cache replication. > > > > With my clustered JBoss setup I got tomcat session replication straight > > out of the box with JBossCache/JGroups. So all I needed to worry about > > were the spring bean configuration changes for ticket uniqueness and CAS > > ticket replication backed by the JBossCache. > > > > Mike > > > > On Tue, 2007-08-07 at 13:00 -0500, Andrew R Feller wrote: > > > Thanks for the response Mike! > > > > > > My main concern stems from the issue with the cookies created by the CAS > > > servers. They appear to be set for the domain of the server that issued > > > it (e.g. casA.example.com, casB.example.com, etc), which won't be > > > available to the other servers in the cluster. > > > > > > How are the CAS servers in your cluster set up? I take it you have a > > > single URL, which directs requests to a server. What additional steps > > > must be done to configure Apache/Tomcat/CAS for load balancing outside > > > of a normal CAS deployment? > > > > > > Thanks, > > > > > > Andrew R Feller, Analyst > > > Subversion Administrator > > > University Information Systems > > > Louisiana State University > > > [EMAIL PROTECTED] > > > (office) 225.578.3737 > > > > > > -----Original Message----- > > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > > > On Behalf Of Mike Kennedy > > > Sent: Tuesday, August 07, 2007 11:33 AM > > > To: Yale CAS mailing list > > > Subject: Re: Load balancing requirements for clustering CAS 3.0.x+ > > > > > > At our site we have CAS clustering working with an F5 load balancer > > > using sticky sessions. However, if the load balancer detects that a node > > > fails it migrates those sessions to another node where the Tomcat > > > session and ticket cache have already been replicated. > > > > > > In other words, we use sticky sessions and have uninterrupted service > > > within the cluster. > > > > > > On Tue, 2007-08-07 at 11:05 -0500, Andrew R Feller wrote: > > > > Q: Are there any load balancing requirements for clustering CAS 3 > > > > server? > > > > > > > > > > > > > > > > While following the Clustering CAS walkthrough in the CAS wiki, I > > > > notice it didn't go in-depth about what options are available. Aside > > > > from using sticky sessions to redirect the user back to the CAS server > > > > they were authenticated against, what other options are available? I > > > > would prefer not to use sticky sessions as we want uninterrupted > > > > service within the cluster. > > > > > > > > > > > > > > > > Thanks, > > > > > > > > > > > > > > > > Andrew R Feller, Analyst > > > > > > > > Subversion Administrator > > > > > > > > University Information Systems > > > > > > > > Louisiana State University > > > > > > > > [EMAIL PROTECTED] > > > > > > > > (office) 225.578.3737 > > > > > > > > > > > > > > > > > > > > _______________________________________________ > > > > Yale CAS mailing list > > > > [email protected] > > > > http://tp.its.yale.edu/mailman/listinfo/cas > > -- > > Mike Kennedy > > Lead Technologist for Research Computing > > Infrastructure and Security Group > > [EMAIL PROTECTED] > > 951.827.4875 > > > > _______________________________________________ > > Yale CAS mailing list > > [email protected] > > http://tp.its.yale.edu/mailman/listinfo/cas > > > ------------------------------ > Play Movie Mash-up and win BIG prizes! <https://www.moviemashup.co.uk> > > _______________________________________________ > Yale CAS mailing list > [email protected] > http://tp.its.yale.edu/mailman/listinfo/cas > > -- Arnaud Lesueur LinkedIn: http://www.linkedin.com/in/lesueur
_______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
