Configure CAS to have a good logout handling with a load balanced multi instance application

[Fabio Martelli]

Hi All, I need your help to understand how I can configure my CAS 5.1.X
single instance to control access to a multi instance application with a
load balancer in front.

Each single instance communicates with CAS directly. This latter
communicates with the clustered application through the LB.

With a sticky session configured on the LB I'm able to resolve any login
issue.

I cannot say the same about the logout: the request from CAS to
invalidate client application sessions in addition to its own SSO
session cannot reach the right instance because the LB does not have any
info to route the request correctly.

Can you suggest a solution?

Thank you in advance.

BR,

F.

--
Fabio Martelli
https://it.linkedin.com/pub/fabio-martelli/1/974/a44
http://blog.tirasa.net/author/fabio/index.html

Tirasa - Open Source Excellence
http://www.tirasa.net/index.html?pk_campaign=email&pk_kwd=fm

Apache Syncope PMC
http://people.apache.org/~fmartelli/

[Sébastien Beaudlot]

Hi

Do you have any backend configured for ticket registry ? This may be the easiest way to achieve your goal.

Memcache is easy to setup.

Regards.

Le 21 juillet 2017 17:17:29 GMT+02:00, Fabio Martelli <fabio.m...@gmail.com> a écrit :

Hi All, I need your help to understand how I can configure my CAS 5.1.X 
single instance to control access to a multi instance application with a 
load balancer in front.

Each single instance communicates with CAS directly. This latter 
communicates with the clustered application through the LB.

With a sticky session configured on the LB I'm able to resolve any login 
issue.

I cannot say the same about the logout: the request from CAS to 
invalidate client application sessions in addition to its own SSO 
session cannot reach the right instance because the LB does not have any 
info to route the request correctly.

Can you suggest a solution?

Thank you in advance.

BR,

F.

--

Envoyé de mon appareil Android avec Courriel K-9 Mail. Veuillez excuser ma brièveté.

[Fabio Martelli]

Il 21/07/2017 18:57, Sébastien Beaudlot ha scritto:

Hi

Do you have any backend configured for ticket registry ? This may be the easiest way to achieve your goal.

Hi Sébastien, thank you for your prompt reply.
No I have not a backend configured in that way; I will try with memcache for sure.

In any case, what should be the best practice with CAS 5.1?

Best regards,
F.

Memcache is easy to setup.

Regards.

Le 21 juillet 2017 17:17:29 GMT+02:00, Fabio Martelli <fabio.m...@gmail.com> a écrit :

Hi All, I need your help to understand how I can configure my CAS 5.1.X 
single instance to control access to a multi instance application with a 
load balancer in front.

Each single instance communicates with CAS directly. This latter 
communicates with the clustered application through the LB.

With a sticky session configured on the LB I'm able to resolve any login 
issue.

I cannot say the same about the logout: the request from CAS to 
invalidate client application sessions in addition to its own SSO 
session cannot reach the right instance because the LB does not have any 
info to route the request correctly.

Can you suggest a solution?

Thank you in advance.

BR,

F.

--
Envoyé de mon appareil Android avec Courriel K-9 Mail. Veuillez excuser ma brièveté.

[Fabio Martelli]

Il 24/07/2017 08:04, Fabio Martelli ha scritto:

Il 21/07/2017 18:57, Sébastien Beaudlot ha scritto:

Hi

Do you have any backend configured for ticket registry ? This may be the easiest way to achieve your goal.

Hi Sébastien, thank you for your prompt reply.
No I have not a backend configured in that way; I will try with memcache for sure.

In any case, what should be the best practice with CAS 5.1?

Hi All, considering no feedbacks till now, can I suppose that the best practice is the shared ticket registry?
Thank you and best regards,
F.