High Availability
[Diagram labels: F5, Browser, CAS Node00, Login, CAS X509 Cert, CAS Node01, Validate, Encrypted, Service]
  • If you use X509 Auth, configure trust in the F5 and send the info in X-Headers

Points of Replication
[Diagram labels: Presentation Layer, AuthManager, Ticket Registry / Session Storage, JPA or Replicated Cache, CentralAuthenticationServiceImpl, Session Objects]
  • Session Objects and Flow State
  • Add “<distributable/>” to web.xml

Replication Tests
  • Display Form from node00, POST userid and password to node01
  • Node00 issues TGT, Node01 issues ST
  • Node00 issues ST, Node01 validates it
  • Not clear that Proxy adds other issues

Replicated Database
[Diagram labels: DB instance, CAS Node00, DB instance, CAS Node01]
  • 24x7x365 availability
  • no backup needed
  • secure network or encrypted (not an application DB)

JPA Entity (sorta)
In 3.4.2 should not be final

    @Entity
    @Table(name="SERVICETICKET")
    // "final" is how the class is declared in 3.4.2; it should not be final
    public final class ServiceTicketImpl extends AbstractTicket implements ServiceTicket {

        /** The service this ticket is valid for. */
        @Lob
        @Column(name="SERVICE", nullable=false)
        private Service service;

        /** Is this service ticket the result of a new login. */
        @Column(name="FROM_NEW_LOGIN", nullable=false)
        private boolean fromNewLogin;

        // ... (the slide shows only these two fields)
    }

JBoss Cache is an API
  • Map<String, Ticket> becomes Cache<String, Ticket>
  • Put, Get, Delete keyed serializable objects
  • Map is preloaded on startup, shared within AS
  • There are lifecycle exits, but CAS doesn’t use them.

JGroups handles Failover
[Diagram messages: “Are you there?” “I am fine.” “Node03 has gone down.”]
  • CAS doesn’t care when Node03 goes down or comes up.
  • Infinispan is more powerful than JGroups, which is already more powerful than CAS needs.

Requirements
  • CAS is comfortable, unless under attack or misused
  • Not a lot of nodes, not far apart
  • We will use what JBoss uses for Session and Context replication

Institutional Specialization
  • User Interface Experts
  • Security Experts
  • Container Managers
  • F5 iRule programmer
  • Replication Configuration
  • DB Configuration
These specialists come into existence for applications more expensive than CAS

Configure it Yourself

    mcast_port="${jboss.jgroups.udp.mcast_port:45688}"
    mcast_addr="${jboss.partition.udpGroup:228.11.11.11}"
    tos="8"
    ucast_recv_buf_size="20000000"
    ucast_send_buf_size="640000"
    mcast_recv_buf_size="25000000"
    mcast_send_buf_size="640000"
    loopback="true"
    discard_incompatible_packets="true"
    enable_bundling="false"
    ip_ttl="${jgroups.udp.ip_ttl:2}"
    thread_naming_pattern="cl"
    thread_pool.enabled="true"
    thread_pool.min_threads="20"
    thread_pool.max_threads="200"
    thread_pool.keep_alive_time="5000"

Use JBossAppServer CacheManager (Someone else configures it)

    Context ctx = new InitialContext();
    cacheManager = (CacheManager) ctx.lookup("java:CacheManager");
    this.cache = cacheManager.getCache("cas-cache", true);
    this.cache.start();

Not cas-server-integration-jboss
  • That project uses JBoss Cache as a library, not a container service
  • Change custom Cache<String,Ticket> to managed Cache<Object,Object>
  • “cas-cache” configured along with session replication, etc., by JBoss admin
  • [all the parameters are there, but they are someone else’s problem]

Temporary 3.4.2 Ticketid Hash
[Diagram]
  • CentralAuthenticationServiceImpl: new TGTimpl, new STimpl, return cleartext ID
  • Hash TicketID when ticket created
  • JBossASTicketRegistry: addTicket(), getTicket(), deleteTicket()
  • Requires cleartext ID
  • Accepts hashed or cleartext ID

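
One reading of the slide above, as an added Java example (not CAS or Yale code): addTicket() takes the cleartext ID and stores only its hash in the shared cache, while getTicket() and deleteTicket() accept either form. The class name, the SHA-256 choice, the stand-in Ticket class and the in-memory Map replacing the replicated "cas-cache" are assumptions, as is the aim of keeping the string a client presents out of the replicated data.

```java
import java.io.Serializable;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Added illustration, not CAS or Yale code. The Map stands in for the
// replicated "cas-cache"; every name below is hypothetical.
public class HashedIdTicketRegistry {

    /** Minimal stand-in for a CAS ticket; real tickets carry much more state. */
    public static final class Ticket implements Serializable {
        private static final long serialVersionUID = 1L;
        private final String id;        // cleartext at creation, hash once stored
        private final String principal;
        public Ticket(String id, String principal) { this.id = id; this.principal = principal; }
        public String getId() { return id; }
        public String getPrincipal() { return principal; }
    }

    private final Map<String, Ticket> cache = new ConcurrentHashMap<>();

    /** SHA-256 as 64 lowercase hex characters (the hash function is an assumption). */
    static String hashId(String cleartextId) {
        try {
            byte[] digest = MessageDigest.getInstance("SHA-256")
                    .digest(cleartextId.getBytes(StandardCharsets.UTF_8));
            StringBuilder hex = new StringBuilder(digest.length * 2);
            for (byte b : digest) {
                hex.append(String.format("%02x", b));
            }
            return hex.toString();
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("SHA-256 unavailable", e);
        }
    }

    /** CAS ticket IDs start with a type prefix such as "TGT-" or "ST-", so they never match. */
    static boolean isHashed(String id) {
        return id.matches("[0-9a-f]{64}");
    }

    private static String keyFor(String id) {
        return isHashed(id) ? id : hashId(id);
    }

    /** Requires the cleartext ID: hashes it and stores a copy that holds only the hash. */
    public void addTicket(Ticket ticket) {
        if (ticket == null || ticket.getId() == null || isHashed(ticket.getId())) {
            throw new IllegalArgumentException("addTicket requires a ticket with its cleartext ID");
        }
        String key = hashId(ticket.getId());
        cache.put(key, new Ticket(key, ticket.getPrincipal()));
    }

    /** Accepts a hashed or cleartext ID. */
    public Ticket getTicket(String id) {
        return id == null ? null : cache.get(keyFor(id));
    }

    /** Accepts a hashed or cleartext ID; true if a ticket was removed. */
    public boolean deleteTicket(String id) {
        return id != null && cache.remove(keyFor(id)) != null;
    }

    /** True if any key or stored ID in the cache equals the given cleartext ID. */
    boolean cacheExposes(String cleartextId) {
        if (cache.containsKey(cleartextId)) return true;
        for (Ticket t : cache.values()) {
            if (cleartextId.equals(t.getId())) return true;
        }
        return false;
    }

    public static void main(String[] args) {
        HashedIdTicketRegistry registry = new HashedIdTicketRegistry();
        String cleartext = "ST-1-constructedSampleTicketValue-cas"; // constructed sample ID
        registry.addTicket(new Ticket(cleartext, "sampleuser"));

        Ticket byCleartext = registry.getTicket(cleartext);     // the form a client presents
        Ticket byHash = registry.getTicket(hashId(cleartext));  // the form the cache holds
        check(byCleartext != null && byCleartext == byHash, "both ID forms find the ticket");
        check(!registry.cacheExposes(cleartext), "cleartext ID is absent from the cache");
        check(registry.deleteTicket(byHash.getId()), "delete by hashed ID");
        check(registry.getTicket(cleartext) == null, "ticket is gone after delete");
        System.out.println("all checks passed");
    }

    private static void check(boolean ok, String what) {
        if (!ok) throw new AssertionError(what);
    }
}
```
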
EAR + Skinny WAR
  • Create an EAR project/POM
  • Copy all the WAR dependencies (cas-server-core)
  • Add WAR as <module> in application.xml
  • Mark all the dependencies in the WAR as “provided” except for your own search-first JARs.
  • Search: WEB-INF/classes (WAR Java source), WEB-INF/lib (WAR “runtime” dependencies), EAR’s /lib (EAR “runtime” dependencies), JBoss common/lib (WAR and EAR “provided” or omitted)

Experience

80% of problems come from F5 and older clients
  • Want to use modern SSL/TLS, but some clients support only older deprecated levels
  • Oracle 8 (no Host: header), 9 (Host: with port), 11 (proper Host:)

Run CAS on JBoss Native (same as Tomcat)
  • Mark common/lib JARs as “provided” in WAR POM
      • JBoss Cache JAR (or can’t find Manager)
      • Hibernate (or JPA hoses up)
      • Logging
  • If CAS won’t start, remove offending JAR.

Test: SSH tunnel past the F5
[Diagram labels: CAS Node00, F5, Get ST, HttpClient, CAS Node01, Validate]

Infrastructure
  • CAS projects checked into Subversion
  • Build/Deploy by Hudson
  • Check out source, build Maven Artifacts
  • Deploy 0.0.x-SNAPSHOT to development
  • Cut a release to deploy to Test/production
  • Sensitive parameters (database/AD login) are separated out in an XML file configuring a JBoss JNDI stuffer service. They are external to the artifacts.

Jasig Cas High Availability - Yale University
