SOGo - BTS - SOGo
View Issue Details
0001016SOGoWeb Generalpublic2010-11-26 17:362011-02-15 16:31
paubry 
 
normalfeaturealways
closedno change required 
1.3.4 
 
0001016: Custom CAS proxy URL
During our SOGo tests at the University of Rennes 1, we added a parameter that allows each of our SOGo servers to have its own CAS proxy callback URL.
Explanation: our SOGo servers are all behind a frontal Apache load-balancer. Adding a shared memcached server appeared to us as another weakness in our architecture, so we decided that each SOGo server would use its own memcached daemon and respond itself to its PGT callback requests from the CAS server (we use this deployment scheme for years with uPortal).

The new parameter is named SOGoCASProxyCallbackURL:
    * If not set, the callback URL is built 'normally' (based on the request host and path).
    * If set (e.g. https://sogo3.domain.com/SOGo/casProxy [^]), it is passed as-is to the CAS server on ticket validation.

Patch attached.
Best,
PA
No tags attached.
txt patch-CASProxyCallbackURL.txt (2,132) 2010-11-26 17:36
https://sogo.nu/bugs/file_download.php?file_id=254&type=bug
Issue History
2010-11-26 17:36paubryNew Issue
2010-11-26 17:36paubryFile Added: patch-CASProxyCallbackURL.txt
2010-11-29 15:20ludovicTarget Version => 1.3.5
2010-12-23 20:45ludovicNote Added: 0001965
2010-12-23 20:46ludovicStatusnew => feedback
2010-12-24 06:55paubryNote Added: 0001968
2010-12-24 07:27ludovicNote Added: 0001969
2010-12-28 13:59ludovicNote Added: 0001973
2011-01-03 02:08paubryNote Added: 0001989
2011-01-05 15:30ludovicTarget Version1.3.5 =>
2011-02-03 12:35paubryNote Added: 0002079
2011-02-15 16:31ludovicStatusfeedback => closed
2011-02-15 16:31ludovicResolutionopen => no change required

Notes
(0001965)
ludovic   
2010-12-23 20:45   
What about using membase (with replication, no persistence) ?

This would let you have a memcached server on each instance but share the cache across servers.

repcached could also be an option (there's an updated patch for memcached 1.4) too.
(0001968)
paubry   
2010-12-24 06:55   
Sharing anything between the servers is not needed, and it adds a non necessary weakness to the architecture. Fully independent servers is obviously the best garanty for robustness.
(0001969)
ludovic   
2010-12-24 07:27   
Unless the server goes down and it loses all sessions.

What "unnecessary weakness" does it add? membase will *REPLICATE* memcached caches across SOGo servers, which EACH runs a single instance.

It can't be more simple, efficient and fully independent than that - it has an horizontal growth path.
(0001973)
ludovic   
2010-12-28 13:59   
I've toyed around membase and it does NOT support replication when using the memcached engine. Since persistence doesn't really matter to us, i think it would be better to reuse the code we now have in SOGoSession (coming from bug 0000698) and we could store the CAS ticket in the database.
(0001989)
paubry   
2011-01-03 02:08   
Storing PGT/Iou in the database is a working possibility but I still believe that credentials should not be persisted in databases.
(0002079)
paubry   
2011-02-03 12:35   
1.3.5a perfectly works without this patch, issue can be closed.