I think I am looking for this type of behavior in tomcat
clustersinglesignon that can be found in jboss. Is this type of feature
available in tomcat 6.0.26?
Thanks,
yasushi
Clustered SSO
Beginning with the JBoss-3.2.4 release, JBoss AS supports single sign-on
to web applications across a cluster, using JBoss Cache for SSO
credential caching and replication. This feature uses the
org.jboss.web.tomcat.service.sso.ClusteredSingleSignOn valve, which
extends the functionality of the standard Tomcat SSO valve to allow the
SSO to span multiple nodes in a cluster.
*
Enables SSO failover
*
Allows a load balancer to direct requests for different webapps to
different servers, while maintaining the SSO.
-----Original Message-----
From: Okubo, Yasushi (TSD)
Sent: Thursday, May 27, 2010 3:33 PM
To: 'Tomcat Users List'; 'p...@pidster.com'
Subject: RE: question for singlesignon for vertical cluster
I think that I miss-stated what horizontal/vertical cluster are.
Anyway, I could configure mod_proxy_ajp/mod_proxy_balancer [Apache 2.2.3
from RHEL 5 (64bit] now.
Then, it looks like a user is required re-login to access password
protected area after fail-over to another node in tomcat [v6.0.26 -
jdk1.6.0.20 on linux] cluster both vertical/horizontal. So, we need an
external module to control SSO, right?
Is there any good open source to do this fail-over avoiding user's
re-login integrating with Tomcat?
Thanks Martin for some comments regarding SSO info.
yasushi
-----Original Message-----
From: Okubo, Yasushi (TSD)
Sent: Wednesday, May 26, 2010 8:20 AM
To: 'Tomcat Users List'; 'p...@pidster.com'
Subject: RE: question for singlesignon for vertical cluster
I am adding the following cluster element to <engine> for vertical
cluster and to <host> for horizontal cluster for development.
I started configuring mod_proxy_ajp and have some problem to configure,
so I may post another question later.
Anyway, for vertical cluster, we have setup DNS round robbing for load
balancing. When we shutdown one node, a user is routed to anther node,
but tomcat asks a user to re-login.
For horizontal cluster, at least tomcat does not ask re-login to access
a different node running on the same host, but I would like to setup
load balancing.
yasushi
<Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"
channelSendOptions="4">
<Manager
className="org.apache.catalina.ha.session.DeltaManager"
expireSessionsOnShutdown="false"
notifyListenersOnReplication="true"/>
<Channel
className="org.apache.catalina.tribes.group.GroupChannel">
<Membership
className="org.apache.catalina.tribes.membership.McastService"
address="228.0.0.4"
port="45564"
frequency="500"
dropTime="3000"/>
<Receiver
className="org.apache.catalina.tribes.transport.nio.NioReceiver"
address="auto"
port="4000"
autoBind="100"
selectorTimeout="5000"
maxThreads="12"/>
<Sender
className="org.apache.catalina.tribes.transport.ReplicationTransmitter">
<Transport
className="org.apache.catalina.tribes.transport.nio.PooledParallelSender
"/>
</Sender>
<Interceptor
className="org.apache.catalina.tribes.group.interceptors.TcpFailureDetec
tor"/>
<Interceptor
className="org.apache.catalina.tribes.group.interceptors.MessageDispatch
15Interceptor"/>
<Interceptor
className="org.apache.catalina.tribes.group.interceptors.ThroughputInter
ceptor"/>
</Channel>
<Valve className="org.apache.catalina.ha.tcp.ReplicationValve"
filter=".*\.gif;.*\.js;.*\.jpg;.*\.png;.*\.htm;.*\.html;.*\.css;.*\.txt;
.*\.xls;.*\.sdf;.*\.xml;"/>
<!-- only with jk_mod failover-->
<Valve
className="org.apache.catalina.ha.session.JvmRouteBinderValve"
enabled="true" sessionIdAttribute="takeoverSessionid"
/>
<!-- currently very unstable for remote
deployment
<Deployer
className="org.apache.catalina.ha.deploy.FarmWarDeployer"
tempDir="/tmp/war-temp/"
deployDir="/tmp/war-deploy/"
watchDir="/tmp/war-listen/"
-->
<!-- only with jk_mod and jvmroutebindervalve-->
<ClusterListener
className="org.apache.catalina.ha.session.JvmRouteSessionIDBinderListene
r"/>
<ClusterListener
className="org.apache.catalina.ha.session.ClusterSessionListener"/>
</Cluster>
-----Original Message-----
From: Pid [mailto:p...@pidster.com]
Sent: Wednesday, May 26, 2010 3:20 AM
To: Tomcat Users List
Subject: Re: question for singlesignon for vertical cluster
On 24/05/2010 00:36, Okubo, Yasushi (TSD) wrote:
> Hi
>
> I would like to enable singlesignon on vertical cluster environment
> [multi-nodes on multiple hosts].
>
> We are using clustersinglesignon under host element, and this works in
> horizontal cluster, but does not work in vertical cluster environment.
How are you configuring the cluster in each case?
What have you tried?
p
> Is there any way to make this work as part of tomcat configuration?
> When the node goes down, and a user may be routed to the node located
in
> a different host, it will ask a user to relogin again under the
current
> setup. We would like to avoid a user for relogging to the
application.
>
> Anyway, if tomcat does not provide singlesigeon solution for vertical
> cluster, is there any other open source solutions available?
>
>
>
> Thanks,
>
> yasushi
>
>
>
> OS: linux/redhat 5 - 64 bit
>
> Jvm : 1.6.x
>
> Tocmat : 6.0.24/26
>
>
>
> <Host name="localhost" appBase="webapps"
>
> unpackWARs="true" autoDeploy="true"
>
> xmlValidation="false" xmlNamespaceAware="false">
>
>
>
> <Valve
> className="org.apache.catalina.ha.authenticator.ClusterSingleSignOn"
/>
>
>
>
>
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
