Hi Christian: Yes, my configuration without CAS meant no security at all. I would think basic authentication would be faster? Also, I guess it’s worth mentioning that our CAS server is on a separate machine apart from where we have GeoServer installed. Of course, I haven’t actually done the test to verify this, but that’s my assumption.
Thanks, Danny From: Christian Mueller [mailto:[email protected]] Sent: Tuesday, October 20, 2015 2:07 AM To: Danny Cheng Cc: Andrea Aime; [email protected] Subject: Re: [Geoserver-users] GeoServer w/ CAS Performance Hi Danny Is your configuration without CAS a public configuration meaning no security at all. ? Does it make a difference if you use basic auth instead of CAS ? Normally, the initial request should last longer. Cheers Christian On Mon, Oct 19, 2015 at 8:15 PM, Danny Cheng <[email protected]<mailto:[email protected]>> wrote: Hi Christian, I checked the log and have confirmed that only the initial GeoServer request is hitting CAS – which is good. Maybe the 100ms difference with CAS on/off is just an one-off result. Thanks, Danny From: Christian Mueller [mailto:[email protected]<mailto:[email protected]>] Sent: Monday, October 19, 2015 7:43 AM To: Andrea Aime Cc: Danny Cheng; [email protected]<mailto:[email protected]> Subject: Re: [Geoserver-users] GeoServer w/ CAS Performance Hi Andrea For stateless authentication we have a cache to avoid the overhead for each request. Additionally, you can allow session creation for each filter chain individually (in this case the cache is not used). I am waiting for the reply of Danny, maybe there is a bug. Cheers Christian On Mon, Oct 19, 2015 at 9:54 AM, Andrea Aime <[email protected]<mailto:[email protected]>> wrote: Christian, thinking out loud here, we normally setup OGC services so that they don't create a session because of the many clients hitting the server and the cost of keeping sessions. However, for stuff like CAS where an authentication can make us do a network call, would it be better to advise allowing session creation instead? Or do we have other caching strategies? This is more of a general question, it may or not related to Danny's problem Cheers Andrea On Sun, Oct 18, 2015 at 3:18 PM, Christian Mueller <[email protected]<mailto:[email protected]>> wrote: Hy Danny Please check the log file of the CAS Server. There you can see the incoming requests and check if each GeoServer request triggers a CAS request. Cheers Christian On Sun, Oct 18, 2015 at 4:34 AM, Danny Cheng <[email protected]<mailto:[email protected]>> wrote: Hi, I currently have a system with CAS single sign on integrated. I noticed that with CAS enabled my OGC requests are taking ~100ms longer to get a response. Is this expected? I would expect that only the initial request would get a hit, but for me all my requests are taking the hit. Thanks, Danny ------------------------------------------------------------------------------ _______________________________________________ Geoserver-users mailing list [email protected]<mailto:[email protected]> https://lists.sourceforge.net/lists/listinfo/geoserver-users -- DI Christian Mueller MSc (GIS), MSc (IT-Security) OSS Open Source Solutions GmbH ------------------------------------------------------------------------------ _______________________________________________ Geoserver-users mailing list [email protected]<mailto:[email protected]> https://lists.sourceforge.net/lists/listinfo/geoserver-users -- == GeoServer Professional Services from the experts! Visit http://goo.gl/it488V for more information. == Ing. Andrea Aime @geowolf Technical Lead GeoSolutions S.A.S. Via Poggio alle Viti 1187 55054 Massarosa (LU) Italy phone: +39 0584 962313<tel:%2B39%200584%20962313> fax: +39 0584 1660272<tel:%2B39%200584%201660272> mob: +39 339 8844549<tel:%2B39%20%C2%A0339%208844549> http://www.geo-solutions.it http://twitter.com/geosolutions_it AVVERTENZE AI SENSI DEL D.Lgs. 196/2003 Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003. The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc. ------------------------------------------------------- -- DI Christian Mueller MSc (GIS), MSc (IT-Security) OSS Open Source Solutions GmbH -- DI Christian Mueller MSc (GIS), MSc (IT-Security) OSS Open Source Solutions GmbH
------------------------------------------------------------------------------
_______________________________________________ Geoserver-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/geoserver-users
