Jasig › Jasig CAS › CAS Users

CAS + SPNEGO + LoadBalancer

3 messages Options
Embed this post
Permalink
Dean Heisey

CAS + SPNEGO + LoadBalancer

Reply Threaded More More options
Print post
Permalink
 Hello again from your friendly neighborhood CAS newb.

 I have successfully gotten CAS+SPNEGO to work in my test environment however, when i put the CAS server(s) behind a load balancer(BIG IP in this case) SPNEGO fails.

lets say my Virtual IP for accessing CAS is  login.spam.com -- http://login.spam.com will present the user with the correct login page, it accepts the credentials, validates against LDAP and returns success(and a ticket).

what I want to happen is that the user is automatically logged in, just like in my test scenario.

Has anyone tried to deploy CAS + Spnego behind a load balancer, and if so do you have any tips to share?

Thanks in advance

Dean
Marvin Addison

Re: CAS + SPNEGO + LoadBalancer

Reply Threaded More More options
Print post
Permalink
>  I have successfully gotten CAS+SPNEGO to work in my test environment
> however, when i put the CAS server(s) behind a load balancer(BIG IP in this
> case) SPNEGO fails.

Sharing excerpts from the CAS application log, cas.log by default,
will help give us clues what is wrong.  Without further information
it's hard to give suggestions.

M

--
You are currently subscribed to [hidden email] as: [hidden email]
To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
Dean Heisey

Re: CAS + SPNEGO + LoadBalancer

Reply Threaded More More options
Print post
Permalink
In reply to this post by Dean Heisey
I have more information on this problem.  it turned out that it was not the load balancer, it was the fact that the CAS servers are deployed on Linux boxes and the Kerberos REALM we are using with SPNEGO is now living inside Active Directory. The net result is that CAS can't find the realm with the current configuration.  Any configuration tips will be greatly appreciated and if there is any interest, when I get it working, I can post my configuration tips

Dean

"
Dean Heisey wrote:
 Hello again from your friendly neighborhood CAS newb.

 I have successfully gotten CAS+SPNEGO to work in my test environment however, when i put the CAS server(s) behind a load balancer(BIG IP in this case) SPNEGO fails.

lets say my Virtual IP for accessing CAS is  login.spam.com -- http://login.spam.com will present the user with the correct login page, it accepts the credentials, validates against LDAP and returns success(and a ticket).

what I want to happen is that the user is automatically logged in, just like in my test scenario.

Has anyone tried to deploy CAS + Spnego behind a load balancer, and if so do you have any tips to share?

Thanks in advance

Dean
Free Embeddable Forum Powered by Nabble Help