Re:[jasig-discuss] Ask cas behind haproxy problem : CASTGC cookie lost

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

Re:[jasig-discuss] Ask cas behind haproxy problem : CASTGC cookie lost

Samuel_Liang

Dear Jonathan :

Thanks, your suggestion!

Problem Description :
        I adapted our system to CAS. On simple environment(standalone), this CASTGC cookie always ok at my browser client.
        But, when I migrated system to complex environment(haproxy+cluster). my browser always could not found this CASTGC cookie.
        So, I open HAProxy debug mode and review output log. This CASTGC cookie had arrived to HAProxy, but can't to my browser.
        For this problem, I don't know how to solve it. Could you help me, thanks!

1. Below, I redraw my architecture by ascii format.
                                                +-------+
                                          +---> | WEB01 | <---+
                                          |     +-------+     |
    +---------+           +---------+     |                   |     +------------+
    | Browser | <-------> | HAProxy | <---+                   +---> | CAS Server |
    +---------+           +---------+     |                   |     +------------+
                                          |     +-------+     |
                                          +---> | WEB02 | <---+
                                                +-------+

2. I put whole HAProxy configure:
        listen tda_web_http 0.0.0.0:80
                mode http
                reqadd X-Forwarded-Proto:\ http
                option tcpka
                no option http-server-close
                stats enable
                stats refresh 10s
                stats uri /status
                stats realm Haproxy\ statistics
                log global
                timeout server 10m
                timeout client 10m
                balance source
                cookie JSESSIONID prefix
                cookie CASTGC indirect preserve secure
                capture cookie CASTGC len 63
                option httpclose
                option forwardfor
                option httplog
                server web01 10.10.0.1:8080 cookie web01 weight 50 check inter 4000
                server web02 10.10.0.2:8080 cookie web02 weight 50 check inter 4000

3. Below is our HAProxy's partial debug log :
        73/0/1/182/256 302 656 - CASTGC=TGT-98-ADcUE6hsd5zyppApgu76EkEfscDupu9OGFazAMAy9bZPKXGnC --NP 0/0/0/0/0 0/0 "POST /TdaJSFWeb/login?service=http://tdatwo.kh.asegroup.com/TdaJSFWeb/welcome.ase HTTP/1.1"
        73/0/1/182/256 302 656 - CASTGC=TGT-98-ADcUE6hsd5zyppApgu76EkEfscDupu9OGFazAMAy9bZPKXGnC --NP 0/0/0/0/0 0/0 "POST /TdaJSFWeb/login?service=http://tdatwo.kh.asegroup.com/TdaJSFWeb/welcome.ase HTTP/1.1"
        74/0/0/19/93 302 199 - - --NN 0/0/0/0/0 0/0 "GET /TdaJSFWeb/welcome.ase?ticket=ST-98-w67V0Y3G6Z2yEQwPk0zt-khtrdsso01.kh.asegroup.com HTTP/1.1"

-------------------------------------------------------------------------------------
Samuel Liang
Advanced Semiconductor Engineering Group
Tel : 886-7-3636641 # 84508 .Fax : 886-7-3636663
Email Address : [hidden email]
-------------------------------------------------------------------------------------

2014/08/08
-- 
You are currently subscribed to [hidden email] as: [hidden email] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/jasig-discuss