clearpass in clustermode

44 views

Skip to first unread message

Andreas Zschorn

unread,

May 2, 2019, 6:11:53 AM5/2/19

to CAS Community

Hello together,

we are running cas 6.0.3 in cluster mode with an dynamodb as ticket storage.

For one legacy application we enabled clearpass.

https://apereo.github.io/cas/6.0.x/integration/ClearPass.html

So far it works, but clearpass works only if 1 cluster node is active. Otherwise the credential object is null on client side.

I have the feeling, that the credential object is only saved (cached) in memory, so clear pass will not work in cluster mode, because the service ticket validation is a separate call from the service, so sticky sessions will not work.

I clould also not find any table in the dynamodb, which contains the credential.

Is this observation correct?

An productive SSO authentication server not running in HA cluster mode is prohibitive.

Has anyone a solution to get clearpass running in cluster mode? Perhaps a replication via hazelcast?

Thanks for any input.

Andreas

Ray Bon

unread,

May 2, 2019, 11:21:31 AM5/2/19

to cas-...@apereo.org

Andreas,

With ehcache we observed behaviour like this. The time required with replication was greater than the client request time (which went to a different server in the cluster). When we switched to hazelcast (which is in memory but not replicated), those problems went away.

Ray

--

Ray Bon

Programmer Analyst

Development Services, University Systems

2507218831 | CLE 019 | rb...@uvic.ca

Reply all

Reply to author

Forward

0 new messages