Load balancing requirements for clustering CAS 3.0.x+

Andrew R Feller afelle1 at lsu.edu
Wed Aug 8 08:08:17 EDT 2007 

Thanks once again for taking the time to reply Mike and Scott; I
appreciate it!

 

I believe I've figured out the answer to my issue and will see about
updating the Clustering CAS documentation once I have confirmed it here.

 

As I mentioned below, I was concerned about the TGT cookie set in the
user's browser as it is set to domain of the CAS server by default
(ssoA.example.com) and how this wouldn't be visible to the other servers
(ssoB.example.com, ssoB.example.com, etc).  After reviewing the
documentation on the org.springframework.web.util.CookieGenerator
<http://www.springframework.org/docs/api/org/springframework/web/util/Co
okieGenerator.html> , I realized I could explicitly set the domain to a
higher level so all of the servers can see the cookie.  I can confirm
that making the CASTGC available to the highest domain (e.g.
example.com) will make it work, however I would like to keep that cookie
only visible to CAS.

 

What other options are available other than making the TGT cookie
visible to the highest domain (e.g example.com)?

 

Thanks,

 

Andrew R Feller, Analyst

Subversion Administrator

University Information Systems

Louisiana State University

afelle1 at lsu.edu

(office) 225.578.3737

 

-----Original Message-----
From: cas-bounces at tp.its.yale.edu [mailto:cas-bounces at tp.its.yale.edu]
On Behalf Of Mike Kennedy
Sent: Tuesday, August 07, 2007 4:00 PM
To: Yale CAS mailing list
Subject: RE: Load balancing requirements for clustering CAS 3.0.x+

 

Andrew,

 

In our setup we use JBoss which uses Tomcat 5.5 as its embedded servlet

container. I don't use an Apache/AJP front end at all.

 

I set up a virtual host on each of the nodes of the cluster that

corresponds to the hostname associated with the ip on the frontend load

balancer.

 

In JBoss I added a jboss-web.xml file to the WEB-INF directory of the

cas web application that specifies which virtual host to deploy into.

With a standalone Tomcat installation like you want you can specify a

directory as part of of the <Host></Host> virtual host definition in

server.xml and deploy cas.war there.

 

Once that was set up I simply followed the instructions in this document

to finish the installation:

 

http://www.ja-sig.org/wiki/display/CASUM/Clustering+CAS

 

In this document there are three important things that need to be done:

guarantee ticket uniqueness, tomcat session replication and cas ticket

cache replication.

 

With my clustered JBoss setup I got tomcat session replication straight

out of the box with JBossCache/JGroups. So all I needed to worry about

were the spring bean configuration changes for ticket uniqueness and CAS

ticket replication backed by the JBossCache.

 

Mike

 

On Tue, 2007-08-07 at 13:00 -0500, Andrew R Feller wrote:

> Thanks for the response Mike!

> 

> My main concern stems from the issue with the cookies created by the
CAS

> servers.  They appear to be set for the domain of the server that
issued

> it (e.g. casA.example.com, casB.example.com, etc), which won't be

> available to the other servers in the cluster.

> 

> How are the CAS servers in your cluster set up?  I take it you have a

> single URL, which directs requests to a server.  What additional steps

> must be done to configure Apache/Tomcat/CAS for load balancing outside

> of a normal CAS deployment?

> 

> Thanks,

> 

> Andrew R Feller, Analyst

> Subversion Administrator

> University Information Systems

> Louisiana State University

> afelle1 at lsu.edu

> (office) 225.578.3737

> 

> -----Original Message-----

> From: cas-bounces at tp.its.yale.edu [mailto:cas-bounces at tp.its.yale.edu]

> On Behalf Of Mike Kennedy

> Sent: Tuesday, August 07, 2007 11:33 AM

> To: Yale CAS mailing list

> Subject: Re: Load balancing requirements for clustering CAS 3.0.x+

> 

> At our site we have CAS clustering working with an F5 load balancer

> using sticky sessions. However, if the load balancer detects that a
node

> fails it migrates those sessions to another node where the Tomcat

> session and ticket cache have already been replicated.

> 

> In other words, we use sticky sessions and have uninterrupted service

> within the cluster.

> 

> On Tue, 2007-08-07 at 11:05 -0500, Andrew R Feller wrote:

> > Q: Are there any load balancing requirements for clustering CAS 3

> > server?

> > 

> >  

> > 

> > While following the Clustering CAS walkthrough in the CAS wiki, I

> > notice it didn't go in-depth about what options are available.
Aside

> > from using sticky sessions to redirect the user back to the CAS
server

> > they were authenticated against, what other options are available?
I

> > would prefer not to use sticky sessions as we want uninterrupted

> > service within the cluster.

> > 

> >  

> > 

> > Thanks,

> > 

> >  

> > 

> > Andrew R Feller, Analyst

> > 

> > Subversion Administrator

> > 

> > University Information Systems

> > 

> > Louisiana State University

> > 

> > afelle1 at lsu.edu

> > 

> > (office) 225.578.3737

> > 

> >  

> > 

> > 

> > _______________________________________________

> > Yale CAS mailing list

> > cas at tp.its.yale.edu

> > http://tp.its.yale.edu/mailman/listinfo/cas

-- 

Mike Kennedy

Lead Technologist for Research Computing

Infrastructure and Security Group

mikek at ucr.edu

951.827.4875

 

_______________________________________________

Yale CAS mailing list

cas at tp.its.yale.edu

http://tp.its.yale.edu/mailman/listinfo/cas

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://tp.its.yale.edu/pipermail/cas/attachments/20070808/d0aa2bee/attachment.html

More information about the cas mailing list