CAS clustering ?

Scott Battaglia scott_battaglia at rutgers.edu
Wed Jun 28 10:31:40 EDT 2006 

Amit,

What kind of load are you expecting?  You may not need a cluster (if 
you're only interested in stopping excessive load).  CAS itself is not a 
very process-intensive application. 

That said, its possible to cluster CAS (the easiest way is to use sticky 
sessions on your load balancer and a distributed registry).  3.0.5 
includes an EhCacheDistributedRegistry.  This was tested by one group 
and they are having trouble optimizing it to prevent deadlock (the 
synchronous updates of EhCache caused deadlock while making them 
unsynchronized lost messages).  We have a JGroups implementation that I 
can forward to you (we haven't included in the core because it uses a 
deprecated JGroups class).

We also came up with another alternative at Rutgers (that we haven't 
implemented) if you're only interested in load balancing and not 
redundancy/high-availability.  Each TicketIdGenerator allows you to 
specify a suffix to a ticket.  So if each server specifies a unique 
suffix, then a load balancer that can read the request (if they can 
decrypt SSL) can look at the suffix and redirect the request to the 
proper server.

-Scott

Scott Battaglia
Application Developer, Architecture & Engineering Team
Enterprise Systems and Services, Rutgers University
v: 732.445.0097 | f: 732.445.5493 | scott_battaglia at rutgers.edu 



Kothari, Amit wrote:
> Greetings everybody,
>  
> We are evaluating CAS for SSO-enabling our applications. Is clustering 
> of CAS servers possible ?
> To avoid excessive server load during high volume of authentication 
> requests, we plan to setup multiple CAS servers to handle 
> authentication requests.
> Let's say our applications (cas-client)  and CAS servers will 
> be configured like this:
>  
> Users redirecting to App1, App2 will be authenticated by CASServer1.
> Users redirecting to App3 will be authenticated by CASServer2.
> Users redirecting to App4 will be authenticated by CASServer3.
>  
> Once a user gets authenticated by any one CASServer, the user should 
> be able to browse any other application protected by a different 
> CASServer.
> *_E.g_*: Once user1 gets authenticated by CASServer1, user1 can 
> successfully browse App1 and App2. So far so good.
> _Requirement_ --> user1 should be able to browse App3 and App4 without 
> being authenticated.
>  
> Is this possible ? Has anybody tried something like this before ?
> We are using Tomcat 5.0.x for CAS server & client deployments. CAS 
> Server --> 3.0.4 and Yale CAS Client --> 2.0.11
>  
> Since CAS server 3.0.5 supports distributed ticket registries, can we 
> use 3.0.5 ? How much code /configuration will be needed to achieve the 
> desired functionality ?
> I couldn't find any documentation about enabling distributed ticket 
> registries. Any pointers will be appreciated.
>  
> Thanks in advance,
>  
> - Amit
>  
> ------------------------------------------------------------------------
>
> _______________________________________________
> Yale CAS mailing list
> cas at tp.its.yale.edu
> http://tp.its.yale.edu/mailman/listinfo/cas
>

More information about the cas mailing list