Shibboleth Developers

[Chad La Joie <>]

I need to test this but I believe that the use of Terracotta is okay 
here.  I *think* what isn't supported is JBoss state/session replication 
but Shib doesn't use container managed sessions.  As you already pointed 
out, it's just the storage service that needs to be replicated.  I need 
to do some testing, but I think we're okay.

Karsten Huneycutt wrote:
> Hello --
>
> Of course, since it seems that nothing except the replay cache 
> implements Serializable, I can't easily use the JBoss TreeCache, so it 
> seems that I can't do what I need to do without a lot of work (ie, 
> reimplement the session manager and the artifact map).  That is 
> unfortunate.
>
> Are there options I'm not seeing?
>
> KH
>
> On 23 May, 2008, at 09:58, Karsten Huneycutt wrote:
>
> > Hello --
> >
> > http://jira.terracotta.org/jira/browse/CDV-573
> >
> > Unfortunately the bug is a little light on details.  Note also that 
> > the supported containers lists only JBoss 3.2.8 and 4.0.5:
> >
> > http://terracotta.org/confluence/display/docs1/Platform+Support
> >
> > KH
> >
> > On 23 May, 2008, at 00:07, Chad La Joie wrote:
> >
> > > Karsten, can you give me a link to the bug that you're referencing?
> > >
> > > Karsten Huneycutt wrote:
> > > > Hello --
> > > > I'm working to prepare the Shibboleth 2 IdP for production status, 
> > > > and I need to get clustering to work before we can go live.  We're 
> > > > behind a load balancer, so we have failover and actual load 
> > > > balancing solved, but of course the two IdPs have to share state.
> > > > We are running the IdP in JBoss 4.2.2, and Terracotta doesn't work 
> > > > with JBoss 4.2.x.  It's an issue in the TC 2.5.x release version 
> > > > that has yet to be fixed, according to their Jira.  We are running 
> > > > one other application on those servers that requires JBoss 4.2.2, so 
> > > > changing versions and/or running plain Tomcat are not options.
> > > > So, that leaves me searching for other options.  JBoss, of course, 
> > > > has perfectly good clustering functionality built into it, so unless 
> > > > there are other options, I'd like to go ahead and use it.
> > > > From looking around, the Spring bean that really needs to be 
> > > > clustered is shibboleth.StorageService, since everything else seems 
> > > > to use it as the, well, storage service.  Is that correct?  If so, I 
> > > > think I can probably write something that uses the JBoss clustering 
> > > > support and implements the appropriate interface for the IdP code to 
> > > > use, sort of like HA-Shib for 1.3.  Does that sound like a sane, 
> > > > reasonable option, or am I missing something?
> > > > Are there options I'm missing?
> > > > Thanks!
> > > > KH   PS:  the setup instructions for JBoss are incorrect and 
> > > > incomplete.  JBoss still requires the security provider 
> > > > manipulation, and the connector information isn't correct.  If I use 
> > > > the information in the Tomcat page, all seems to work.
> > >
> > > --
> > > SWITCH
> > > Serving Swiss Universities
> > > --------------------------
> > > Chad La Joie, Software Engineer, Security
> > > Werdstrasse 2, P.O. Box, 8021 Zürich, Switzerland
> > > phone +41 44 268 15 75, fax +41 44 268 15 68
> > > ,
> > >  http://www.switch.ch
> >
> > --
> > Karsten Huneycutt
> > Systems Specialist, ITS Identity Management

--
SWITCH
Serving Swiss Universities
--------------------------
Chad La Joie, Software Engineer, Security
Werdstrasse 2, P.O. Box, 8021 Zürich, Switzerland
phone +41 44 268 15 75, fax +41 44 268 15 68
,
 http://www.switch.ch