Re: [cas-user] CAS Client Proxy distributed cache size
On Fri, Jan 23, 2015 at 02:03:39PM -0800, Misagh Moayyed wrote: I think Adam is talking about the sharing and distribution of PGTs on the client side for which there are ehcache and memcache implementations available when the app is clustered. There is no implementation yet available that is based on hazelcast for the client. Ah, my bad, I misread this thread and thought it was talking about clustering on the server side. -- Paul B. Henson | (909) 979-6361 | http://www.cpp.edu/~henson/ Operating Systems and Network Analyst | hen...@cpp.edu California State Polytechnic University | Pomona CA 91768 -- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
Re: [cas-user] CAS Client Proxy distributed cache size
I'd still like to know: Are Proxy Granting Tickets reused, or are they one time use only? If PGTs are reused, how long do they last before purged? On Fri, Jan 23, 2015 at 10:07 AM, Adam Causey apcau...@vcu.edu wrote: I originally was going with ehcache since there is a TicketStorage implementation already available, but then realized how easy it would be to create my own Hazelcast version. So I'm going to go with that instead, which should make things much easier. We're using hazelcast with great success in our CAS server installation, and I'm impressed with it's ability to work so well with minimal configuration. On Thu, Jan 22, 2015 at 4:25 PM, Paul B. Henson hen...@csupomona.edu wrote: From: Adam Causey Sent: Thursday, January 22, 2015 10:57 AM I am setting up a CAS proxy on a client that is clustered and am using the ehcache clustering option to distribute the PGTs between nodes. Personally I would recommend the Hazelcast clustering option over the ehcache mechanism… Any particular reason you are going with ehcache? -- Paul B. Henson | (909) 979-6361 | http://www.cpp.edu/~henson/ Operating Systems and Network Analyst | hen...@cpp.edu California State Polytechnic University | Pomona CA 91768 -- You are currently subscribed to cas-user@lists.jasig.org as: apcau...@vcu.edu To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
Re: [cas-user] CAS Client Proxy distributed cache size
Adam, Proxy Granting tickets *are* reused. Service providers get a PGT during proxy validation, and then can use them to request proxy tickets multiple times. Proxy Tickets (PTs) are one use only, just like service tickets (STs). The current protocol spec [1] states (section 3.3.1) Proxy-granting tickets MUST expire when the client whose authentication is being proxied logs out of CAS. Thanks, Carl Waldbieser ITS System Programmer Lafayette College [1] http://jasig.github.io/cas/development/protocol/CAS-Protocol-Specification.html - Original Message - From: Adam Causey apcau...@vcu.edu To: cas-user@lists.jasig.org Sent: Friday, January 23, 2015 12:10:19 PM Subject: Re: [cas-user] CAS Client Proxy distributed cache size I'd still like to know: Are Proxy Granting Tickets reused, or are they one time use only? If PGTs are reused, how long do they last before purged? On Fri, Jan 23, 2015 at 10:07 AM, Adam Causey apcau...@vcu.edu wrote: I originally was going with ehcache since there is a TicketStorage implementation already available, but then realized how easy it would be to create my own Hazelcast version. So I'm going to go with that instead, which should make things much easier. We're using hazelcast with great success in our CAS server installation, and I'm impressed with it's ability to work so well with minimal configuration. On Thu, Jan 22, 2015 at 4:25 PM, Paul B. Henson hen...@csupomona.edu wrote: From: Adam Causey Sent: Thursday, January 22, 2015 10:57 AM I am setting up a CAS proxy on a client that is clustered and am using the ehcache clustering option to distribute the PGTs between nodes. Personally I would recommend the Hazelcast clustering option over the ehcache mechanism… Any particular reason you are going with ehcache? -- Paul B. Henson | (909) 979-6361 | http://www.cpp.edu/~henson/ Operating Systems and Network Analyst | hen...@cpp.edu California State Polytechnic University | Pomona CA 91768 -- You are currently subscribed to cas-user@lists.jasig.org as: apcau...@vcu.edu To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-user@lists.jasig.org as: waldb...@lafayette.edu To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
RE: [cas-user] CAS Client Proxy distributed cache size
From: Adam Causey Sent: Friday, January 23, 2015 7:07 AM I originally was going with ehcache since there is a TicketStorage implementation already available, but then realized how easy it would be to create my own Hazelcast version. I'm not sure what you mean about creating your own version? I am using the unicon implementation: https://github.com/Unicon/cas-addons/wiki/Configuring-HazelcastTicketRegistry -- Paul B. Henson | (909) 979-6361 | http://www.cpp.edu/~henson/ Operating Systems and Network Analyst | hen...@cpp.edu California State Polytechnic University | Pomona CA 91768 -- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
Re: [cas-user] CAS Client Proxy distributed cache size
I originally was going with ehcache since there is a TicketStorage implementation already available, but then realized how easy it would be to create my own Hazelcast version. So I'm going to go with that instead, which should make things much easier. We're using hazelcast with great success in our CAS server installation, and I'm impressed with it's ability to work so well with minimal configuration. On Thu, Jan 22, 2015 at 4:25 PM, Paul B. Henson hen...@csupomona.edu wrote: From: Adam Causey Sent: Thursday, January 22, 2015 10:57 AM I am setting up a CAS proxy on a client that is clustered and am using the ehcache clustering option to distribute the PGTs between nodes. Personally I would recommend the Hazelcast clustering option over the ehcache mechanism… Any particular reason you are going with ehcache? -- Paul B. Henson | (909) 979-6361 | http://www.cpp.edu/~henson/ Operating Systems and Network Analyst | hen...@cpp.edu California State Polytechnic University | Pomona CA 91768 -- You are currently subscribed to cas-user@lists.jasig.org as: apcau...@vcu.edu To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
RE: [cas-user] CAS Client Proxy distributed cache size
From: Adam Causey Sent: Thursday, January 22, 2015 10:57 AM I am setting up a CAS proxy on a client that is clustered and am using the ehcache clustering option to distribute the PGTs between nodes. Personally I would recommend the Hazelcast clustering option over the ehcache mechanism… Any particular reason you are going with ehcache? -- Paul B. Henson | (909) 979-6361 | http://www.cpp.edu/~henson/ Operating Systems and Network Analyst | hen...@cpp.edu California State Polytechnic University | Pomona CA 91768 -- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
[cas-user] CAS Client Proxy distributed cache size
I am setting up a CAS proxy on a client that is clustered and am using the ehcache clustering option to distribute the PGTs between nodes. I am trying to determine the cache size needed (maxEntriesLocalHeap setting) and the TTL. Are Proxy Granting Tickets reused, or are they one time use only? If PGTs are reused, how long do they last before it is purged? Thanks! Adam -- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
