high availability issue of CAS

Lin George george4academic at yahoo.com
Thu Nov 20 08:22:39 EST 2008 

Thanks Andrew!


I have two more questions for your reply below.

1.

You mentioned -- "One of the take aways to think about with a active-passive failover setup is how Single Sign Out (SSOut) behaves.  For those who use CAS 3.1 and higher, this feature will issue session invalidation calls whenever users logout of CAS to any application that had a service ticket validated."

I think active-passive setup you mean setup two CAS servers, and one as primary which always do authentication if the server is live. The other server is slave server which will not do authentication when primary server is working (slave server will take effect when primary server is down)? Correct understanding?

I am confused about why setup with an active-passive failover deployment will cause issues like "session invalidation calls whenever users logout of CAS to any application that had a service ticket validated"? Could you describe in more details?

2.

You mentioned -- "If registry information is not replicated between machines and applications expect the CAS logout to invalidate session information, then users' application sessions will still be active until whatever mechanism is used to remember the user (cookie, session information, etc)." -- so your suggestion is to replicate session information between two servers? What information do you think we need to setup to replicate?

regards,
George

----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Message: 5
Date: Wed, 19 Nov 2008 09:32:59 -0600
From: "Andrew Ralph Feller, afelle1" <afelle1 at lsu.edu>
Subject: Re: high availability issue of CAS
To: CAS Users <cas at tp.its.yale.edu>
Message-ID: <C5498DCB.BE4E%afelle1 at lsu.edu>
Content-Type: text/plain;    charset="ISO-8859-1"

One of the take aways to think about with a active-passive failover setup is
how Single Sign Out (SSOut) behaves.  For those who use CAS 3.1 and higher,
this feature will issue session invalidation calls whenever users logout of
CAS to any application that had a service ticket validated.

If registry information is not replicated between machines and applications
expect the CAS logout to invalidate session information, then users'
application sessions will still be active until whatever mechanism is used
to remember the user (cookie, session information, etc).

This issue is alleviated when you replicate registry information via JBoss
Cache, Memcached, or JPA.

$0.02,
A-

More information about the cas mailing list