shibboleth-dev - Re: Shib 2 IdP clustering
Subject: Shibboleth Developers
List archive
- From: Karsten Huneycutt <>
- To:
- Subject: Re: Shib 2 IdP clustering
- Date: Fri, 23 May 2008 09:58:21 -0400
Hello --
http://jira.terracotta.org/jira/browse/CDV-573
Unfortunately the bug is a little light on details. Note also that the supported containers lists only JBoss 3.2.8 and 4.0.5:
http://terracotta.org/confluence/display/docs1/Platform+Support
KH
On 23 May, 2008, at 00:07, Chad La Joie wrote:
Karsten, can you give me a link to the bug that you're referencing?
Karsten Huneycutt wrote:
Hello --
I'm working to prepare the Shibboleth 2 IdP for production status, and I need to get clustering to work before we can go live. We're behind a load balancer, so we have failover and actual load balancing solved, but of course the two IdPs have to share state.
We are running the IdP in JBoss 4.2.2, and Terracotta doesn't work with JBoss 4.2.x. It's an issue in the TC 2.5.x release version that has yet to be fixed, according to their Jira. We are running one other application on those servers that requires JBoss 4.2.2, so changing versions and/or running plain Tomcat are not options.
So, that leaves me searching for other options. JBoss, of course, has perfectly good clustering functionality built into it, so unless there are other options, I'd like to go ahead and use it.
From looking around, the Spring bean that really needs to be clustered is shibboleth.StorageService, since everything else seems to use it as the, well, storage service. Is that correct? If so, I think I can probably write something that uses the JBoss clustering support and implements the appropriate interface for the IdP code to use, sort of like HA-Shib for 1.3. Does that sound like a sane, reasonable option, or am I missing something?
Are there options I'm missing?
Thanks!
KH PS: the setup instructions for JBoss are incorrect and incomplete. JBoss still requires the security provider manipulation, and the connector information isn't correct. If I use the information in the Tomcat page, all seems to work.
--
SWITCH
Serving Swiss Universities
--------------------------
Chad La Joie, Software Engineer, Security
Werdstrasse 2, P.O. Box, 8021 Zürich, Switzerland
phone +41 44 268 15 75, fax +41 44 268 15 68
,
http://www.switch.ch
--
Karsten Huneycutt
Systems Specialist, ITS Identity Management
Attachment:
smime.p7s
Description: S/MIME cryptographic signature
- Shib 2 IdP clustering, Karsten Huneycutt, 05/22/2008
- Re: Shib 2 IdP clustering, Chad La Joie, 05/23/2008
- Re: Shib 2 IdP clustering, Karsten Huneycutt, 05/23/2008
- Re: Shib 2 IdP clustering, Karsten Huneycutt, 05/23/2008
- Re: Shib 2 IdP clustering, Chad La Joie, 05/24/2008
- Re: Shib 2 IdP clustering, Karsten Huneycutt, 05/28/2008
- Re: Shib 2 IdP clustering, Chad La Joie, 05/24/2008
- Re: Shib 2 IdP clustering, Karsten Huneycutt, 05/23/2008
- Re: Shib 2 IdP clustering, Karsten Huneycutt, 05/23/2008
- Re: Shib 2 IdP clustering, Chad La Joie, 05/23/2008
Archive powered by MHonArc 2.6.16.