Service Tickets aren't stored in client session.  The token is because it
prevents credential replay from a Back Button/Re-POST.

There are separate steps for clustering the CAS server's backend.

Cheers,
Scott


On Tue, Oct 4, 2011 at 9:56 AM, Ourada, John <jour...@depaul.edu> wrote:

> Am I missing something? What happens when the server validates the service
> ticket (ST)?  The LB won't know about the client's sticky session.  It may
> attach to the wrong server and not find the service ticket created by the
> client browser.
>
> There is an extra step, correct?  The application must connect to the
> server where the ST was created.  Most likely using the suffix of the ST to
> find that server.
>
> The issue with this scenario is that you are just splitting the load and
> not really creating a cluster.  Only half of your clients are affected if
> one server fails or is taken out of service.
>
> For a while we used a poor man's fail-over.  The LB looked for a file in
> the /ROOT webapp, if it found it, that server could be marked up.  It also
> checked that the /cas/login page was returning status=200OK.   This gave us
> (the administrators of CAS) control over which server was active without
> having to bug the administrator for the LB.
>
> -John
>
> -----Original Message-----
> From: Marvin Addison [mailto:marvin.addi...@gmail.com]
> Sent: Tuesday, October 04, 2011 8:26 AM
> To: cas-user@lists.jasig.org
> Subject: Re: [cas-user] Login Ticket in CAS Cluster
>
> > Thanks Scott.  I'm guessing then to avoid clustering the HTTP session
> > we'd need to use sticky sessions on our load balancer?
>
> Correct.  I should note that there used to be a capability in Spring Web
> Flow 1.x where flow execution state could be stored client-side to
> facilitate truly stateless clustering, but this capability was removed in
> 2.x, which is the version we're using.  It's my understanding this
> capability will be restored in a future version.
>
> M
>
> --
> You are currently subscribed to cas-user@lists.jasig.org as:
> jour...@depaul.edu To unsubscribe, change settings or access archives, see
> http://www.ja-sig.org/wiki/display/JSG/cas-user
>
>
>
>
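
The "poor man's fail-over" probe described in the quoted message, written out as an added example (not code from the thread or from CAS itself). The marker file name `/lb-enabled.txt` and the `cas*.example.edu` hosts are assumptions made for illustration; the thread only says the LB looked for a file in the ROOT webapp and checked that `/cas/login` returned 200.

```python
import urllib.error
import urllib.request

def http_status(url, timeout=3.0):
    """GET url; return the status code, or None if the node gave no answer."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as exc:
        return exc.code   # 404/500 are still answers from a live container
    except (urllib.error.URLError, OSError):
        return None       # refused, timed out, DNS failure

def node_state(base_url, marker_path="/lb-enabled.txt", fetch=http_status):
    """Classify one CAS node the way the load balancer check would.

    marker_path is a hypothetical file the CAS admins create or delete in
    the ROOT webapp to put a node in or out of rotation themselves.
    """
    marker = fetch(base_url + marker_path)
    if marker is None:
        return "down"      # container not answering at all
    if marker != 200:
        return "drained"   # admins removed the marker on purpose
    if fetch(base_url + "/cas/login") != 200:
        return "down"      # container is up but the CAS webapp is not healthy
    return "up"

def pick_active(nodes, fetch=http_status):
    """Return the first node (in priority order) that is 'up', else None."""
    for node in nodes:
        if node_state(node, fetch=fetch) == "up":
            return node
    return None

if __name__ == "__main__":
    # Constructed responses so the demo runs offline.
    canned = {
        "https://cas1.example.edu/lb-enabled.txt": 404,  # drained by admins
        "https://cas1.example.edu/cas/login": 200,
        "https://cas2.example.edu/lb-enabled.txt": 200,
        "https://cas2.example.edu/cas/login": 200,
    }
    nodes = ["https://cas1.example.edu", "https://cas2.example.edu"]
    for n in nodes:
        print(n, node_state(n, fetch=canned.get))
    print("active:", pick_active(nodes, fetch=canned.get))
```

Separating "drained" from "down" lets monitoring alert only on unplanned outages, while the LB treats both as out of rotation.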
