CAS Scaling


Ramakrishna G

May 7, 2018, 10:13:15 AM
to cas-...@apereo.org
Hello

I am running a load balancer (NGINX) which redirects the request to Mod_Auth_Cas (Apache) and its corresponding CAS Server (Tomcat).

The drawback of the approach I am currently using is:

-> One Tomcat for one Apache, which I want to remove. Also, I need to remove the multiple node connection.

Is there a way I can configure a single Apache to talk to multiple Tomcats? In other words, a single Mod_Auth_Cas will talk to multiple CAS Servers. How can I achieve it?

Note: I know it can be achieved by adding NGINX in between Apache and Tomcat to make it work. But I am looking for a cost-efficient and less utilized (node) approach.

Thanks 
Ramakrishna G

Richard Frovarp

May 7, 2018, 10:59:40 AM
to cas-...@apereo.org
A bit confused as to why you need the IdP (CAS Server) and the SP (mod_auth_cas) on every system. You don't need mod_auth_cas to run the CAS Server. There is mod_proxy_balancer in HTTPD which can do load balancing to multiple backends.
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAGST5P-%3De%2BCrUzWEOBkX%2BN89cba31Cnh70p9%2BebN-5RMGc-Gog%40mail.gmail.com.


Ramakrishna G

May 8, 2018, 2:32:36 AM
to cas-...@apereo.org
I have a requirement where I hit a URL, say www.abc.com/123, which redirects to CAS if not logged in, generates tickets and then redirects to the specified URL. The user is unaware of CAS. Internally we are handling the request to forward to CAS or the specified URL based on the ticket. This is the reason I am using Mod_Auth_CAS.

Can you please elaborate on mod_proxy_balancer and how it will help to meet my requirement?

Thanks in Advance
Ramakrishna G


Ramakrishna G

May 8, 2018, 3:35:34 AM
to cas-...@apereo.org
In short, my current setup is:

1. We have 2 active CAS nodes installed on Apache Tomcat 8.0.
2. Each Tomcat is behind an Apache webserver which does the proxying, i.e. 2 Tomcats & 2 Apache webservers.
3. Both webservers are behind a load balancer (NGINX).

and what I need is:

1. 2 active CAS nodes installed on Apache Tomcat 8.0.
2. Both Tomcats behind a single Apache webserver which does the proxying, i.e. 2 Tomcats & 1 Apache webserver.
3. A single webserver behind a load balancer (NGINX).

Note: The 2 active CAS nodes will increase. I have used 2 as a reference number. The entire setup can scale either horizontally or vertically.




Richard Frovarp

May 8, 2018, 9:56:47 AM
to cas-...@apereo.org
Yeah, but you still don't need to couple mod_auth_cas and CAS server on the same system one to one. They can be running in separate instances. It's likely easier to do so. Have your IdP (CAS Server) running on a different subdomain, so sso.example.com. Then scale your IdP and your application with mod_auth_cas independently.

For your "what I need", just load balance from NGINX directly to Tomcat. That will work just fine. Otherwise, you're turning HTTPD into a load balancer. In that case you need mod_proxy_balancer.
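
The mod_proxy_balancer option from the reply above, sketched as an HTTPD 2.4 virtual host that fronts two CAS nodes on Tomcat. This is an added example, not configuration posted by anyone in the thread; the backend hostnames, port 8080, the `/cas` context path, the route names and TLS terminating at the NGINX tier in front are all assumptions.

```apache
# Added example; backend hostnames, ports and route names are assumptions.
# Modules that must be loaded: mod_proxy, mod_proxy_http, mod_proxy_balancer,
# mod_lbmethod_byrequests, mod_slotmem_shm.

<VirtualHost *:80>
    # IdP on its own subdomain, as suggested in the reply.
    ServerName sso.example.com

    # Reverse proxy only; never let HTTPD act as an open forward proxy.
    ProxyRequests Off
    # Pass the original Host header so CAS builds URLs for sso.example.com.
    ProxyPreserveHost On

    <Proxy "balancer://cascluster">
        # One BalancerMember per CAS node; add a line to scale out.
        # Each route value must equal the jvmRoute on that Tomcat's <Engine>,
        # because Tomcat appends it to the session id (JSESSIONID=....cas1).
        BalancerMember "http://cas1.internal.example:8080" route=cas1
        BalancerMember "http://cas2.internal.example:8080" route=cas2

        # Distribute by request count, pinning a browser to the node
        # named in its session cookie or URL-encoded session id.
        ProxySet lbmethod=byrequests stickysession=JSESSIONID|jsessionid
    </Proxy>

    ProxyPass        "/cas" "balancer://cascluster/cas"
    ProxyPassReverse "/cas" "balancer://cascluster/cas"
</VirtualHost>
```

Sticky sessions only pin the browser: the ticket validation call that mod_auth_cas makes to the CAS server is a server-to-server request without the browser's session cookie, so it can reach a different node than the one that issued the ticket. Active-active CAS nodes therefore need a ticket registry shared between them, whichever tier does the balancing.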