Do you mean to say ip-hash as load balancing mechnaism. I have tried that as well. But No Luck
Thanks Ramakrishna G On Sat, Aug 4, 2018 at 12:37 AM, Ramakrishna G <[email protected]> wrote: > Ray, > > Can you please elaborate this "If you set nginx to be sticky, will > validation succeed?" Any example for this. > > Also in cas logs I could see ticket was not validated when I go through > NGINX > > Thanks > Ramakrishna G > > > On Fri, Aug 3, 2018 at 11:02 PM, Ray Bon <[email protected]> wrote: > >> Ramakrishna, >> >> This sounds like slow ticket replication. Does redis sentinel have >> multiple stores? >> If you set nginx to be sticky, will validation succeed? >> >> Check your cas logs to see if the ticket is being validated. I think the >> cas client tries to validate the ticket using https. >> >> You could simplify your config: >> location /cas >> { >> proxy_pass http://cas.server/cas >> } >> >> Ray >> >> On Fri, 2018-08-03 at 22:28 +0530, Ramakrishna G wrote: >> >> Hello all, >> >> I am using Mod_auth_cas and HA- Cas server behind a loadbalancer. >> >> >> Whenever I set CASValidateURL to one of the cas servers it works fine. >> But when I send to cas via NGINX server then it says "Unauthorized error" >> in browser. >> >> My Nginx has >> >> location /cas/login >> { >> proxy_pass http://cas_server/cas/login; >> } >> >> location /cas/serviceValidate >> { >> proxy_pass http://cas_server/cas/serviceValidate; >> } >> >> location /secured >> { >> proxy_pass http:// <http://cas_server/cas>application >> _servers/api/services; >> } >> >> >> My cas.conf has >> >> LoadModule auth_cas_module modules/mod_auth_cas.so >> CASCertificatePath /etc/pki/tls/certs/ >> CASCookiePath /var/cache/mod_auth_cas/ >> CASLoginURL http://localhost:81/cas/login // Works fine >> CASValidateURL http://localhost:81/cas/serviceValidate // Pointing to >> NGINX >> #CASValidateURL http://localhost:8080/cas/serviceValidate // Pointing >> to one of the cas server - Works fine >> CASDebug On >> LogLevel debug >> >> No error as well. I am not sure where I am going wrong. >> >> Can anyone help please. >> >> Thanks >> Ramakrishna G >> >> >> >> -- >> Ray Bon >> Programmer analyst >> Development Services, University Systems >> 2507218831 | CLE 019 | [email protected] >> >> -- >> - Website: https://apereo.github.io/cas >> - Gitter Chatroom: https://gitter.im/apereo/cas >> - List Guidelines: https://goo.gl/1VRrw7 >> - Contributions: https://goo.gl/mh7qDG >> --- >> You received this message because you are subscribed to the Google Groups >> "CAS Community" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> To view this discussion on the web visit https://groups.google.com/a/ap >> ereo.org/d/msgid/cas-user/1533317546.2860.92.camel%40uvic.ca >> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/1533317546.2860.92.camel%40uvic.ca?utm_medium=email&utm_source=footer> >> . >> > > -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAGST5P-LqEhFKkme7fABvcqWkgVQo6RKW-d7TBHUHHrFrZhkDQ%40mail.gmail.com.
