
[07:57:13 CDT(-0500)] <foxnesn> morning

[12:41:40 CDT(-0500)] <atilling> cd

[12:43:07 CDT(-0500)] <foxnesn> hi

[12:43:59 CDT(-0500)] <foxnesn> atilling, your HA environment do you keep your database separate from the cas server or do you have a database on each cas server having them replicate data?

[12:44:22 CDT(-0500)] <foxnesn> so do you have 1 db where both cas servers point to

[12:44:36 CDT(-0500)] <foxnesn> or does each cas server have its own database with replication of the db

[12:44:45 CDT(-0500)] <atilling> depends (smile)

[12:44:49 CDT(-0500)] <foxnesn> o?

[12:45:22 CDT(-0500)] <atilling> for our password management there is one central DB server that CAS writes to

[12:45:36 CDT(-0500)] <foxnesn> ok

[12:45:45 CDT(-0500)] <foxnesn> what about ticket registry?

[12:45:49 CDT(-0500)] <atilling> for service registry there is a replicated database on each cas server

[12:45:56 CDT(-0500)] <foxnesn> ahh

[12:46:09 CDT(-0500)] <atilling> for ticket registry we use ehcache in RMI mode

[12:46:09 CDT(-0500)] <foxnesn> by service registry do you mean ticket reg?

[12:46:14 CDT(-0500)] <foxnesn> oh

[12:46:56 CDT(-0500)] <foxnesn> so service registry is for /cas/services

[12:47:05 CDT(-0500)] <atilling> correct

[12:47:05 CDT(-0500)] <foxnesn> keeping that on a db instead of in memory

[12:47:48 CDT(-0500)] <atilling> Right because we have defined services and have themes and attributes managed across the services

[12:48:01 CDT(-0500)] <foxnesn> hrm

[12:48:59 CDT(-0500)] <foxnesn> maybe we just keep service reg in memory and force it in the deployer

[12:49:28 CDT(-0500)] <foxnesn> for tix reg did you follow this

[12:49:37 CDT(-0500)] <foxnesn> https://wiki.jasig.org/display/CASUM/JpaTicketRegistry

[12:54:13 CDT(-0500)] <foxnesn> o u use ehcache

[12:54:40 CDT(-0500)] <atilling> we used the same JPA for service reg but not tickets

[12:54:58 CDT(-0500)] <atilling> we're using this for tickets: https://wiki.jasig.org/display/CASUM/EhcacheTicketRegistry

[12:55:40 CDT(-0500)] <foxnesn> i see

[12:56:05 CDT(-0500)] <foxnesn> also could you tell me if my solution to webflow is secure?

[12:56:17 CDT(-0500)] <foxnesn> ill show you the code for the forward url i used

[12:56:33 CDT(-0500)] <atilling> we had the ehcache set up before we did service registry

[12:57:20 CDT(-0500)] <atilling> If we had the service reg is JPA first we might have gone JPA for tickets too

[12:57:45 CDT(-0500)] <atilling> but our main goal was to have CAS as independent as possible

[12:58:08 CDT(-0500)] <foxnesn> https://pwm:8443/pwm/private...checkAll&forwardURL="https%3A%2F%2Fmoodle/login/index.php?"+request.getParameter("ticket");

[12:58:24 CDT(-0500)] <atilling> with JPA ticketReg CAS depends on MySQL

[12:58:53 CDT(-0500)] <foxnesn> the request.getParameter appends the ticket to the url

[12:58:57 CDT(-0500)] <foxnesn> it works great

[12:59:06 CDT(-0500)] <foxnesn> not sure if it is secure tho

[12:59:23 CDT(-0500)] <atilling> Looks good to me, there aren't passwords exchanged and when the PWM passes them to Moodle, moodle does the validate

[12:59:43 CDT(-0500)] <foxnesn> im assuming since it is built into the flow nobody can hijack the "ticker"

[12:59:46 CDT(-0500)] <foxnesn> "ticket"

[13:00:03 CDT(-0500)] <foxnesn> or have CAS send the ticket to another session

[13:00:07 CDT(-0500)] <atilling> the PWM is just passing on the service ticket so it's secure

[13:00:17 CDT(-0500)] <foxnesn> awesome

[13:00:30 CDT(-0500)] <foxnesn> i was worried i found a solution but it wouldnt be secure

[13:00:56 CDT(-0500)] <foxnesn> gonna have to install development portal to test it on

[13:02:03 CDT(-0500)] <foxnesn> making this HA could be tricky

[13:02:12 CDT(-0500)] <foxnesn> cause PWM responses are stored in mysql schema

[13:02:31 CDT(-0500)] <foxnesn> so i think both service and ticket reg will be stored in separate schemas on the same mysql server

[13:02:47 CDT(-0500)] <foxnesn> and there will be two separate physical servers

[13:03:00 CDT(-0500)] <foxnesn> could cause issues replicated data across 3 schemas

[13:03:10 CDT(-0500)] <foxnesn> replicating

[13:15:14 CDT(-0500)] <atilling> shouldn't be an issue but experience will tell

[13:15:32 CDT(-0500)] <foxnesn> yea

[13:15:36 CDT(-0500)] <foxnesn> will be fun tho

[13:26:27 CDT(-0500)] <foxnesn> ive never setup tomcat in HA

[13:30:26 CDT(-0500)] <foxnesn> do u have load balancing setup?

[13:30:35 CDT(-0500)] <atilling> yes

[13:30:48 CDT(-0500)] <foxnesn> do you use a separate program for that?

[13:30:49 CDT(-0500)] <atilling> Tomcat is pretty simple to ha

[13:31:03 CDT(-0500)] <atilling> We have a hardware load balancer

[13:31:10 CDT(-0500)] <foxnesn> ahh

[13:31:20 CDT(-0500)] <foxnesn> im sure we do then

[13:31:25 CDT(-0500)] <foxnesn> just never set one up

[13:31:27 CDT(-0500)] <atilling> actually we have load balanced load balancers

[13:31:37 CDT(-0500)] <foxnesn> wow nice

[13:31:52 CDT(-0500)] <atilling> two cisco Ace 4710's

[13:31:54 CDT(-0500)] <foxnesn> are they fiber connected or something?

[13:33:11 CDT(-0500)] <atilling> they are fiber connected to our cisco 6500

[13:33:16 CDT(-0500)] <foxnesn> nice
