Thanks Andrew!
I have two more questions for your reply below. 1. You mentioned -- "One of the take aways to think about with a active-passive failover setup is how Single Sign Out (SSOut) behaves. For those who use CAS 3.1 and higher, this feature will issue session invalidation calls whenever users logout of CAS to any application that had a service ticket validated." I think active-passive setup you mean setup two CAS servers, and one as primary which always do authentication if the server is live. The other server is slave server which will not do authentication when primary server is working (slave server will take effect when primary server is down)? Correct understanding? I am confused about why setup with an active-passive failover deployment will cause issues like "session invalidation calls whenever users logout of CAS to any application that had a service ticket validated"? Could you describe in more details? 2. You mentioned -- "If registry information is not replicated between machines and applications expect the CAS logout to invalidate session information, then users' application sessions will still be active until whatever mechanism is used to remember the user (cookie, session information, etc)." -- so your suggestion is to replicate session information between two servers? What information do you think we need to setup to replicate? regards, George ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- Message: 5 Date: Wed, 19 Nov 2008 09:32:59 -0600 From: "Andrew Ralph Feller, afelle1" <[EMAIL PROTECTED]> Subject: Re: high availability issue of CAS To: CAS Users <[email protected]> Message-ID: <[EMAIL PROTECTED]> Content-Type: text/plain; charset="ISO-8859-1" One of the take aways to think about with a active-passive failover setup is how Single Sign Out (SSOut) behaves. For those who use CAS 3.1 and higher, this feature will issue session invalidation calls whenever users logout of CAS to any application that had a service ticket validated. If registry information is not replicated between machines and applications expect the CAS logout to invalidate session information, then users' application sessions will still be active until whatever mechanism is used to remember the user (cookie, session information, etc). This issue is alleviated when you replicate registry information via JBoss Cache, Memcached, or JPA. $0.02, A- _______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
