Andrew, I don't believe there should be any clock skew issue since the expiration time for a TGT is rather large. A service ticket's is also pretty large ( i.e. 5 minutes).
-Scott On 10/16/07, Andrew R Feller <[EMAIL PROTECTED]> wrote: > > Cliff, > > > > Stupid question: what version of CAS are you configuring? > > > > I examined the source behind the ticket granting ticket expiration class > and noticed it always references the system time, so even if it was skewed, > it wouldn't affect things. Perhaps Scott can comment whether a clock skew > affects anything in CAS. > > > > Andrew R Feller, Analyst > > Subversion Administrator > > University Information Systems > > Louisiana State University > > [EMAIL PROTECTED] > > (office) 225.578.3737 > ------------------------------ > > *From:* [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] *On > Behalf Of *Clifford Bryant > *Sent:* Tuesday, October 16, 2007 9:46 AM > *To:* Yale CAS mailing list > *Subject:* RE: CAS Clustering Not Working > > > > Andrew, > > > > How important is it for the server's clocks to be in sync? I have been > playing around with NTP. I am not sure that I have gotten it right, yet. > But, the clustering seems to be working. > > > > Cliff > > > ------------------------------ > > *From:* [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] *On > Behalf Of *Andrew R Feller > *Sent:* Tuesday, October 16, 2007 10:15 AM > *To:* Yale CAS mailing list > *Subject:* RE: CAS Clustering Not Working > > > > Clifford, > > > > You are correct, JBoss Cache is to replicate CAS' ticket registry. This > ticket registry along with Tomcat's session information must be replicated > amongst all of the clustered machines. Excuse the obligatory "did you" > checklist: > > > > - Configured Tomcat's conf/server.xml for session replication > (different settings than JBoss) > - Configured firewall to accept connections for both Tomcat and > JBoss session replication > - Modified applicationContext for ticket uniqueness and configured > cas.properties file with servers' names > > > > If you could, configure Log4J to log debug messages for > org.jasig.cas.ticket.registry and org.apache.catalina.cluster. This might > tell you why Apache / JBoss hasn't found the other member. > > > > Andrew R Feller, Analyst > > Subversion Administrator > > University Information Systems > > Louisiana State University > > [EMAIL PROTECTED] > > (office) 225.578.3737 > ------------------------------ > > *From:* [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] *On > Behalf Of *Clifford Bryant > *Sent:* Tuesday, October 16, 2007 7:36 AM > *To:* Yale CAS mailing list > *Subject:* RE: CAS Clustering Not Working > > > > The production environment has 4 Apache/Tomcat servers fronted by a BigIP > load balancer. > > > > To test out the concept, I have 2 (virtual) Linux servers each running > Tomcat, with Apache load balancer on one of them. > > > > I thought that the JBoss stuff was for the Ticket Cache Replication? > > > ------------------------------ > > *From:* [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] *On > Behalf Of *Andrew R Feller > *Sent:* Tuesday, October 16, 2007 8:17 AM > *To:* Yale CAS mailing list > *Subject:* RE: CAS Clustering Not Working > > > > Clifford, > > > > What is your intended scenario? Have you setup two instances of CAS on a > single machine or are they on different machines? It appears as though you > have JBoss configured for localhost (127.0.0.1:32789), which makes me > curious. > > > > Andrew R Feller, Analyst > > Subversion Administrator > > University Information Systems > > Louisiana State University > > [EMAIL PROTECTED] > > (office) 225.578.3737 > ------------------------------ > > *From:* [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] *On > Behalf Of *Clifford Bryant > *Sent:* Monday, October 15, 2007 12:58 PM > *To:* [email protected] > *Subject:* CAS Clustering Not Working > > > > Hi, > > > > I followed the instructions in the CAS clustering link. The multicast > ping is working. But, the CAS clustering is not working. If I shut down > the first server, and browse to the second server, then I am prompted to > login again to the second server. > > > > This is the log from Catalina.out. > > > > Oct 15, 2007 12:44:24 PM org.apache.catalina.cluster.tcp.SimpleTcpClusterstart > > INFO: Cluster is about to start > > Oct 15, 2007 12:44:24 PM > org.apache.catalina.cluster.tcp.ReplicationTransmitter start > > INFO: Start ClusterSender at cluster Catalina:type=Cluster,host=localhost > with name Catalina:type=ClusterSender,host=localhost > > Oct 15, 2007 12:44:24 PM > org.apache.catalina.cluster.mcast.McastServiceImpl setupSocket > > INFO: Setting cluster mcast TTL to 1 > > Oct 15, 2007 12:44:24 PM org.apache.catalina.cluster.mcast.McastServicestart > > INFO: Sleeping for 2000 milliseconds to establish cluster membership > > Oct 15, 2007 12:44:26 PM > org.apache.catalina.cluster.mcast.McastServiceregisterMBean > > INFO: membership mbean registered > (Catalina:type=ClusterMembership,host=localhost) > > Oct 15, 2007 12:44:29 PM org.apache.catalina.cluster.session.DeltaManagerstart > > INFO: Register manager /cas to cluster element Host with name localhost > > Oct 15, 2007 12:44:29 PM org.apache.catalina.cluster.session.DeltaManagerstart > > INFO: Starting clustering manager at /cas > > Oct 15, 2007 12:44:29 PM > org.apache.catalina.cluster.session.DeltaManagergetAllClusterSessions > > INFO: Manager [/cas]: skipping state transfer. No members active in > cluster group. > > 2007-10-15 12:44:32,075 INFO [org.jasig.cas.util.JBossCacheFactoryBean] - > <Starting TreeCache service.> > > > > ------------------------------------------------------- > > GMS: address is 127.0.0.1:32789 > > > > Cliff Bryant > > > > > > > > This e-mail and any files transmitted with it are confidential and are > intended solely for the use of the individual or entity to whom they are > addressed. This communication may contain information that is protected from > disclosure by applicable law. If you are not the intended recipient, or the > employee or agent responsible for delivering this communication to the > intended recipient, be advised that you have received this e-mail in error > and any use, dissemination, forwarding, printing or copying of this e-mail is > strictly prohibited. If you believe that you have received this e-mail in > error, please immediately notify Edgewater Technology by telephone at (781) > 246-3343 and delete the communication from all e-mail files. > > > > > > > > This e-mail and any files transmitted with it are confidential and are > intended solely for the use of the individual or entity to whom they are > addressed. This communication may contain information that is protected from > disclosure by applicable law. If you are not the intended recipient, or the > employee or agent responsible for delivering this communication to the > intended recipient, be advised that you have received this e-mail in error > and any use, dissemination, forwarding, printing or copying of this e-mail is > strictly prohibited. If you believe that you have received this e-mail in > error, please immediately notify Edgewater Technology by telephone at (781) > 246-3343 and delete the communication from all e-mail files. > > > > > > > > This e-mail and any files transmitted with it are confidential and are > intended solely for the use of the individual or entity to whom they are > addressed. This communication may contain information that is protected from > disclosure by applicable law. If you are not the intended recipient, or the > employee or agent responsible for delivering this communication to the > intended recipient, be advised that you have received this e-mail in error > and any use, dissemination, forwarding, printing or copying of this e-mail is > strictly prohibited. If you believe that you have received this e-mail in > error, please immediately notify Edgewater Technology by telephone at (781) > 246-3343 and delete the communication from all e-mail files. > > > > > _______________________________________________ > Yale CAS mailing list > [email protected] > http://tp.its.yale.edu/mailman/listinfo/cas > > -- -Scott Battaglia LinkedIn: http://www.linkedin.com/in/scottbattaglia
_______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
