Skip to Content.
Sympa Menu

shibboleth-dev - Shib 2 IdP clustering

Subject: Shibboleth Developers

List archive

Shib 2 IdP clustering


Chronological Thread 
  • From: Karsten Huneycutt <>
  • To:
  • Subject: Shib 2 IdP clustering
  • Date: Thu, 22 May 2008 17:11:41 -0400

Hello --

I'm working to prepare the Shibboleth 2 IdP for production status, and I need to get clustering to work before we can go live. We're behind a load balancer, so we have failover and actual load balancing solved, but of course the two IdPs have to share state.

We are running the IdP in JBoss 4.2.2, and Terracotta doesn't work with JBoss 4.2.x. It's an issue in the TC 2.5.x release version that has yet to be fixed, according to their Jira. We are running one other application on those servers that requires JBoss 4.2.2, so changing versions and/or running plain Tomcat are not options.

So, that leaves me searching for other options. JBoss, of course, has perfectly good clustering functionality built into it, so unless there are other options, I'd like to go ahead and use it.

From looking around, the Spring bean that really needs to be clustered is shibboleth.StorageService, since everything else seems to use it as the, well, storage service. Is that correct? If so, I think I can probably write something that uses the JBoss clustering support and implements the appropriate interface for the IdP code to use, sort of like HA-Shib for 1.3. Does that sound like a sane, reasonable option, or am I missing something?

Are there options I'm missing?

Thanks!

KH

PS: the setup instructions for JBoss are incorrect and incomplete. JBoss still requires the security provider manipulation, and the connector information isn't correct. If I use the information in the Tomcat page, all seems to work.

--
Karsten Huneycutt
Systems Specialist, ITS Identity Management




Attachment: smime.p7s
Description: S/MIME cryptographic signature




Archive powered by MHonArc 2.6.16.

Top of Page