CAS 5.1.1. EhCacheTicketRegistry problem.

[Filip Majernik]

Hello,

I am using the EhCacheTicketRegistry, within an instance of CAS 5.1.1. Our performance tests of the application showed, that about a 50% of our log-in request fail. The reason for that is that sometimes the service ticket is not found in the ticket registry, although it has been successfully generated and put there (I can see it in the logs). I have managed to reproduce this behavior even manually with two browsers. If I login quickly from two separate sessions, sometimes the second login attempt fails on the validation of a service ticket. If I do not use the EhCacheTicketRegistry, this issue dissappears. Is there maybe some configuration, which I am missing? 

Thx, Filip.

[Ray Bon]

Filip,

Ehcache is rather slow at storing/distributing tickets. If validation is done on a different server than where ticket was created, CAS will think ST is invalid.

You could set your CAS servers to be primary/secondary rather than round robin on your load balancer or switch to a different cache system.

Ray

-- 

Ray Bon

Programmer Analyst

Development Services, University Systems

2507218831 | CLE 019 | rb...@uvic.ca

I respectfully acknowledge that my place of work is located within the ancestral, traditional and unceded territory of the Songhees, Esquimalt and WSÁNEĆ Nations.

[David Curry]

We had a similar problem when using MongoDB as our ticket cache.

We were able to alleviate it temporarily using the solution Ray suggests, of making one of the CAS servers primary on the load balancer. But we didn't like that as a long-term answer.

Once we were able to, we replaced MongoDB with Hazelcast for the ticket registry and haven't had a single problem since. We still use MongoDB for the service registry, though.

--Dave

--

DAVID A. CURRY, CISSP
DIRECTOR • INFORMATION SECURITY & PRIVACY
THE NEW SCHOOL • INFORMATION TECHNOLOGY

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 646 909-4728 • david...@newschool.edu

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/5471439968b04ef9f58bc965ef26f04c890dadd7.camel%40uvic.ca.