Hi Danny Basic authentication is only a transport protocol for credentials, it does no authentication. A separate security provider (e. g. LDAP, SQL Database,...) is required to perform authentication. CAS does authentication. The performance is dependent on your configuration.
The 100ms is the security payload, this is independent of the used authentication mechanism. Cheers Christian On Fri, Oct 23, 2015 at 10:09 PM, Danny Cheng <[email protected]> wrote: > Hi Christian: > > > > Yes, my configuration without CAS meant no security at all. I would think > basic authentication would be faster? Also, I guess it’s worth mentioning > that our CAS server is on a separate machine apart from where we have > GeoServer installed. Of course, I haven’t actually done the test to verify > this, but that’s my assumption. > > > > Thanks, > > Danny > > > > *From:* Christian Mueller [mailto:[email protected]] > *Sent:* Tuesday, October 20, 2015 2:07 AM > *To:* Danny Cheng > *Cc:* Andrea Aime; [email protected] > > *Subject:* Re: [Geoserver-users] GeoServer w/ CAS Performance > > > > Hi Danny > > > > Is your configuration without CAS a public configuration meaning no > security at all. ? > > Does it make a difference if you use basic auth instead of CAS ? > > > > Normally, the initial request should last longer. > > > > Cheers > > Christian > > > > > > On Mon, Oct 19, 2015 at 8:15 PM, Danny Cheng <[email protected]> > wrote: > > Hi Christian, > > > > I checked the log and have confirmed that only the initial GeoServer > request is hitting CAS – which is good. Maybe the 100ms difference with CAS > on/off is just an one-off result. > > > > Thanks, > Danny > > > > > > *From:* Christian Mueller [mailto:[email protected]] > *Sent:* Monday, October 19, 2015 7:43 AM > *To:* Andrea Aime > *Cc:* Danny Cheng; [email protected] > *Subject:* Re: [Geoserver-users] GeoServer w/ CAS Performance > > > > Hi Andrea > > > > For stateless authentication we have a cache to avoid the overhead for > each request. > > > > Additionally, you can allow session creation for each filter chain > individually (in this case the cache is not used). > > > > I am waiting for the reply of Danny, maybe there is a bug. > > > > Cheers > > Christian > > > > > > On Mon, Oct 19, 2015 at 9:54 AM, Andrea Aime <[email protected]> > wrote: > > Christian, > > thinking out loud here, we normally setup OGC services so that they don't > create a session > > because of the many clients hitting the server and the cost of keeping > sessions. > > > > However, for stuff like CAS where an authentication can make us do a > network call, would it be better > > to advise allowing session creation instead? Or do we have other caching > strategies? > > > > This is more of a general question, it may or not related to Danny's > problem > > > > Cheers > > Andrea > > > > > > On Sun, Oct 18, 2015 at 3:18 PM, Christian Mueller < > [email protected]> wrote: > > Hy Danny > > > > Please check the log file of the CAS Server. There you can see the > incoming requests and check if each GeoServer request triggers a CAS > request. > > > > Cheers > > Christian > > > > > > > > On Sun, Oct 18, 2015 at 4:34 AM, Danny Cheng <[email protected]> > wrote: > > Hi, > > > > I currently have a system with CAS single sign on integrated. I noticed > that with CAS enabled my OGC requests are taking ~100ms longer to get a > response. Is this expected? I would expect that only the initial request > would get a hit, but for me all my requests are taking the hit. > > > > Thanks, > > Danny > > > > > ------------------------------------------------------------------------------ > > _______________________________________________ > Geoserver-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/geoserver-users > > > > > > -- > > DI Christian Mueller MSc (GIS), MSc (IT-Security) > > OSS Open Source Solutions GmbH > > > > > > ------------------------------------------------------------------------------ > > _______________________________________________ > Geoserver-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/geoserver-users > > > > > > -- > > == > > GeoServer Professional Services from the experts! Visit > > http://goo.gl/it488V for more information. > > == > > > > Ing. Andrea Aime > > @geowolf > > Technical Lead > > > > GeoSolutions S.A.S. > > Via Poggio alle Viti 1187 > > 55054 Massarosa (LU) > > Italy > > phone: +39 0584 962313 > > fax: +39 0584 1660272 > > mob: +39 339 8844549 > > > > http://www.geo-solutions.it > > http://twitter.com/geosolutions_it > > > > *AVVERTENZE AI SENSI DEL D.Lgs. 196/2003* > > Le informazioni contenute in questo messaggio di posta elettronica e/o > nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il > loro utilizzo è consentito esclusivamente al destinatario del messaggio, > per le finalità indicate nel messaggio stesso. Qualora riceviate questo > messaggio senza esserne il destinatario, Vi preghiamo cortesemente di > darcene notizia via e-mail e di procedere alla distruzione del messaggio > stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, > divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od > utilizzarlo per finalità diverse, costituisce comportamento contrario ai > principi dettati dal D.Lgs. 196/2003. > > > > The information in this message and/or attachments, is intended solely for > the attention and use of the named addressee(s) and may be confidential or > proprietary in nature or covered by the provisions of privacy act > (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection > Code).Any use not in accord with its purpose, any disclosure, reproduction, > copying, distribution, or either dissemination, either whole or partial, is > strictly forbidden except previous formal approval of the named > addressee(s). If you are not the intended recipient, please contact > immediately the sender by telephone, fax or e-mail and delete the > information in this message that has been received in error. The sender > does not give any warranty or accept liability as the content, accuracy or > completeness of sent messages and accepts no responsibility for changes > made after they were sent or for other risks which arise as a result of > e-mail transmission, viruses, etc. > > > > ------------------------------------------------------- > > > > > > -- > > DI Christian Mueller MSc (GIS), MSc (IT-Security) > > OSS Open Source Solutions GmbH > > > > > > > > -- > > DI Christian Mueller MSc (GIS), MSc (IT-Security) > > OSS Open Source Solutions GmbH > > > -- DI Christian Mueller MSc (GIS), MSc (IT-Security) OSS Open Source Solutions GmbH
------------------------------------------------------------------------------
_______________________________________________ Geoserver-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/geoserver-users
