Hi all, we're trying to configure a clustered CAS 3.0.7 platform, following the instructions at http://www.ja-sig.org/wiki/display/CASUM/Clustering+CAS#ClusteringCAS-references .
We connect to a webapp which redirects to the cas login url. Once the login is done, cas redirects the user to the webapp page. cas and the webapp are on the same tomcat (5.5). All is working flawlessly with a single-server environment, but after having configured cas and tomcat to replicate sessions and tickets among two server, we have this behavior: The user goes to http://oursite.domain.it/application . The application doesn't find a suitable ticket, so redirects the browser to https://oursite.domain.it/cas/login . The user logs in successfully and cas tries to redirect the browser back to http://oursite.domain.it/application , which find that the given ticket is not valid because obtained from the remote server. Shouldn't they be syncronized? What could be wrong? With the same configuration, and shutting down one of the two servers, all works fine. This is an extract from the log, on the server that grants the ticket: 2007-08-21 11:52:07,947 INFO [ org.jasig.cas.authentication.AuthenticationManagerImpl] - <AuthenticationHandler: org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler successfully authenticated the user which provided the following credentials: [EMAIL PROTECTED]> 2007-08-21 11:52:07,949 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - <Granted service ticket [ST-3-tqk4bNPe05dvGmgaeJCkBidNCEvNOndyekq-server2] for service [http://mysite.domain.it/Application] for user [ [EMAIL PROTECTED]> And this is from the other server, contacted by the application for validation: Aug 21, 2007 2:02:29 PM edu.yale.its.tp.cas.client.CASReceipt getReceipt SEVERE: validation of [[edu.yale.its.tp.cas.client.ProxyTicketValidatorproxyList=[null] [ edu.yale.its.tp.cas.client.ServiceTicketValidator casValidateUrl=[ https://mysite.domain.it/cas/proxyValidate] ticket=[ST-3-tqk4bNPe05dvGmgaeJCkBidNCEvNOndyekq-server2] service=[http%3A%2F%2Fmysite.domain.it%3A8080%2FApplication] errorCode=[INVALID_TICKET] errorMessage=[ticket 'ST-3-tqk4bNPe05dvGmgaeJCkBidNCEvNOndyekq-server2' not recognized] renew=false entireResponse=[<cas:serviceResponse xmlns:cas=' http://www.yale.edu/tp/cas'> <cas:authenticationFailure code='INVALID_TICKET'> ticket 'ST-3-tqk4bNPe05dvGmgaeJCkBidNCEvNOndyekq-server2' not recognized </cas:authenticationFailure> </cas:serviceResponse> ]]]] was not successful. Any idea about what could be wrong? Thanks in advance. -- Claudio Tassini
_______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
