Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 15 Next »

[07:57:13 CDT(-0500)] <foxnesn> morning

[12:41:40 CDT(-0500)] <atilling> cd

[12:43:07 CDT(-0500)] <foxnesn> hi

[12:43:59 CDT(-0500)] <foxnesn> atilling, your HA environment do you keep your database separate from the cas server or do you have a database on each cas server having them replicate data?

[12:44:22 CDT(-0500)] <foxnesn> so do you have 1 db where both cas servers point to

[12:44:36 CDT(-0500)] <foxnesn> or does each cas server have its own database with replication of the db

[12:44:45 CDT(-0500)] <atilling> depends (smile)

[12:44:49 CDT(-0500)] <foxnesn> o?

[12:45:22 CDT(-0500)] <atilling> for our password management there is one certral DB server that CAS writes to

[12:45:36 CDT(-0500)] <foxnesn> ok

[12:45:45 CDT(-0500)] <foxnesn> what about ticket registry?

[12:45:49 CDT(-0500)] <atilling> for service registry there is a replicated database on each cas server

[12:45:56 CDT(-0500)] <foxnesn> ahh

[12:46:09 CDT(-0500)] <atilling> for ticket registry we use ehcache in RMI mode

[12:46:09 CDT(-0500)] <foxnesn> by service registry doyou mean ticket reg?

[12:46:14 CDT(-0500)] <foxnesn> oh

[12:46:56 CDT(-0500)] <foxnesn> so service registry is for /cas/services

[12:47:05 CDT(-0500)] <atilling> correct

[12:47:05 CDT(-0500)] <foxnesn> keeping that on a db instead of in memory

[12:47:48 CDT(-0500)] <atilling> Right because we have deffined services and have themes and attributes managed accrossed the services

[12:48:01 CDT(-0500)] <foxnesn> hrm

[12:48:59 CDT(-0500)] <foxnesn> maybe we just keep service reg in memory and force it in the deployer

[12:49:28 CDT(-0500)] <foxnesn> for tix reg did you follow this

[12:49:37 CDT(-0500)] <foxnesn> https://wiki.jasig.org/display/CASUM/JpaTicketRegistry

[12:54:13 CDT(-0500)] <foxnesn> o u use ehcache

[12:54:40 CDT(-0500)] <atilling> we used the same JPA for service reg but not tickets

[12:54:58 CDT(-0500)] <atilling> we're using this for tickets: https://wiki.jasig.org/display/CASUM/EhcacheTicketRegistry

[12:55:40 CDT(-0500)] <foxnesn> i see

[12:56:05 CDT(-0500)] <foxnesn> also could you tell me if my solution to webflow is secure?

[12:56:17 CDT(-0500)] <foxnesn> ill show you the code for the forward url i used

[12:56:33 CDT(-0500)] <atilling> we had the ehcache set up before we did service registry

[12:57:20 CDT(-0500)] <atilling> If we had the service reg is JPA first we might have gone JPA for tickets too

[12:57:45 CDT(-0500)] <atilling> but our main goal was to have CAS as independant as possible

[12:58:08 CDT(-0500)] <foxnesn> https://pwm:8443/pwm/private...checkAll&forwardURL="https%3A%2F%2Fmoodle/login/index.php?"+request.getParameter("ticket"(wink);

[12:58:24 CDT(-0500)] <atilling> with JPA ticketReg CAS depends on MyQL

[12:58:53 CDT(-0500)] <foxnesn> the request.getParameter appends the ticket to the url

[12:58:57 CDT(-0500)] <foxnesn> it works great

[12:59:06 CDT(-0500)] <foxnesn> not sure if it is secure tho

[12:59:23 CDT(-0500)] <atilling> Looks good to me, there aren't passwords exchanged and when the PWM passes them to Moodle, moodle does the validate

[12:59:43 CDT(-0500)] <foxnesn> im assuing since it is built into the flow nobody can hijack the "ticker"

[12:59:46 CDT(-0500)] <foxnesn> "ticket"

[13:00:03 CDT(-0500)] <foxnesn> or have CAS send the ticket to another sesson

[13:00:07 CDT(-0500)] <atilling> the PWM is just passing on the service ticket so it's secure

[13:00:17 CDT(-0500)] <foxnesn> awesome

[13:00:30 CDT(-0500)] <foxnesn> i was worried i found a solution but it wouldnt be secure

[13:00:56 CDT(-0500)] <foxnesn> gonna have to install development portal to test it on

  • No labels