Scott,
The reason why I'm asking about clustering is because in the
cross-domain solution, the WAN our websites would living under is known
to go up and down.
If it goes down and the CAS server if installed on the west coast is
unavailable for our east coast users, I want to believe if I understand
the architecture correctly would not
be able to log into the east coast website.
What I think would help solve the problem is if we could cluster the CAS
server on both east coast and west coast, so that if an east coast user
tries and log into an east coast website and it tries to redirect them
to the west coast CAS server and it is unavailable becase the WAN is
down, and assuming our east coast website can detect that it is down or
unavailble and can then try and redirect to the east coast CAS server
for authentication.
I know with the cluster instructions it talks about IP multicast, but I
know across the WAN IP multicast won't work. However, I saw a
requirement for clustering to use JBOSS and I know that JBOSS leverages
JGroups which has technoogy for Multicasting over TCP, so I was
wondering if the clustering over a WAN would work and solve our
challenge.
If so I am wondering if someone has set up that type of architecture
already with some success and might be able to share their thoughts and
recipes.
Also, the current websites currently have their own internal
authetication mechanisms.
Site 1: Mysql lookup.
Site 2: Mysql lookup or LDAP.
Site 3: Apache Basic Authentication (.htaccess).
I am wondering when we implement this, if part of the process is to
refactor the website code to redirect to the CAS server for
authentication and then detect if the ticket gets established.
It kind of makes sense for the Mysql one, but I'm not clear as far as
the Apache Basic Authentication.
-Peter
-----Original Message-----
From: Scott Battaglia [mailto:[email protected]]
Sent: Thursday, February 05, 2009 5:33 PM
To: [email protected]
Subject: Re: [cas-user] Question on CAS Server Clustering via
the WAN.
Peter,
If you're merely concerned about cross-domain SSO then you don't
need clustering. If you actually want to cluster the CAS servers for
redundancy, the CAS 3.2 instructions should work on CAS 3.3 (they may be
slightly different, but nothing earth-shattering).
-Scott
-Scott Battaglia
PGP Public Key Id: 0x383733AA
LinkedIn: http://www.linkedin.com/in/scottbattaglia
On Thu, Feb 5, 2009 at 6:29 PM, Peter Thung
<[email protected]> wrote:
I read through the documentation on CAS clustering:
http://www.ja-sig.org/wiki/display/CASUM/Clustering+CAS#ClusteringCAS-re
ferences
And I have a few queestions.
1. Can the clustering work over a WAN, where IP
multicast is not avaialable? I'm thinking maybe if it works with JBOSS
which relies on JGroups(http://jgroups.org/) which can do Multicast over
a WAN.
However, I did not see any recipe or instructions on
this.
2. The instructions for clustering seem to cover the
following versions:
CAS 3.0.6 or greater
CAS 3.1.0 or greater
CAS 3.2.0 or greater
I'm wondering if the 3.2.0 instructions also apply to
3.3.1 (if anyone has had any success).
3. Basically, my project is thinking of doing SSO with
3 websites we currently run on separate domains, but eventually we plan
to mirror one of the sites across a WAN, but still try and make sure SSO
works. Note: the websites currently are written in PHP and deployed
under Apache webserver and not sure if that really has an affect on
anything.
Note: this link w/i the documentation is bad:
http://www.ja-sig.org/products/cas/server/cluster/index.html
--
You are currently subscribed to [email protected]
as: [email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
--
You are currently subscribed to [email protected] as:
[email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
--
You are currently subscribed to [email protected] as:
[email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
