Shibboleth Developers

[Jim Fox <>]

We've done some testing of clustered E-Auth CS (IdP) servers
using Chad's JBoss replication method.

 http://www.middleware.georgetown.edu/dokuwiki/doku.php/projects:hashib:home

Initial results look promising.  We had to make a couple of 
changes to get it to work.

1) In the ReplicatedArtifactMapper class we had to use a clone
   of the recovered assertion [ cacheObject.getAssertion() ]
   when creating the artifactMapping.  (Something to do with
   the DOM classes needing a 'deep' copy of the tree.)

2) We didn't get any replication until adding a cache loader.
   Specifically added this to the config:

     <attribute name="ReplQueueMaxElements">0</attribute>
     <attribute name="FetchStateOnStartup">true</attribute>
     <attribute 
name="CacheLoaderClass">org.jboss.cache.loader.FileCacheLoader</attribute>
     <attribute name="CacheLoaderConfig">
        location=/tmp/
     </attribute>
     <attribute name="CacheLoaderShared">false</attribute>
     <attribute name="CacheLoaderPreload">/</attribute>


We used this just for artifact retrieval, didn't try the the
ReplicatedHandleMapper.  Also didn't try the encrypt mode.
Will probably use an openvpn encrypted channel instead.


Jim