Shibboleth Developers

[Chad La Joie <>]

Hey Jim,
  Thanks for testing this and letting us know the results.  I'll look 
in to the bugs you mentioned.  I'm glad it's working though, I honestly 
haven't had any chance to do testing yet as I've been sidetracked with a 
bunch of other work.

Jim Fox wrote:
> We've done some testing of clustered E-Auth CS (IdP) servers
> using Chad's JBoss replication method.
>
>  http://www.middleware.georgetown.edu/dokuwiki/doku.php/projects:hashib:home 
>
>
> Initial results look promising.  We had to make a couple of changes to 
> get it to work.
>
> 1) In the ReplicatedArtifactMapper class we had to use a clone
>    of the recovered assertion [ cacheObject.getAssertion() ]
>    when creating the artifactMapping.  (Something to do with
>    the DOM classes needing a 'deep' copy of the tree.)
>
> 2) We didn't get any replication until adding a cache loader.
>    Specifically added this to the config:
>
>      <attribute name="ReplQueueMaxElements">0</attribute>
>      <attribute name="FetchStateOnStartup">true</attribute>
>      <attribute 
> name="CacheLoaderClass">org.jboss.cache.loader.FileCacheLoader</attribute>
>      <attribute name="CacheLoaderConfig">
>         location=/tmp/
>      </attribute>
>      <attribute name="CacheLoaderShared">false</attribute>
>      <attribute name="CacheLoaderPreload">/</attribute>
>
>
> We used this just for artifact retrieval, didn't try the the
> ReplicatedHandleMapper.  Also didn't try the encrypt mode.
> Will probably use an openvpn encrypted channel instead.
>
>
> Jim

--
Chad La Joie             315Q St. Mary's Hall
Project Sentinel         202.687.0124