CAS - how to detect unavalaible CAS server

[RAJANEESH kOLLURI]

Hi,

I have a peculiar problem. I want to navigate to a other authentication url(like AD authentication) when Spring CAS server is down.

Can you please let me know, how to proceed with this. Initially I would like to know how to identify when the CAS server is down.

Thanks in advance.

Rob, thanks for advice and the example. But an error page and a load balancer are definitely dead ends. Believe me.

I have read all reactions in this thread again. And again I think of Luke's last advice:
> You would probably be better to look at making the CAS server itself more robust.

That's the point. Luke might have HW infrastructure on his mind. It would make sense. The CAS server should run on solid HW, simply because it is SSO service.

All I can do for users of my application is to let them enter thru an insecured page which checks out availability of services at first. If anything goes wrong after that, users should return to this well-known page and should contact an administrator.

Thank you all for kind following of my thoughts.
Best regards,
Vladimir

[RAJANEESH kOLLURI]

Hi,

I have a peculiar problem. I want to navigate to a other authentication url(like AD authentication) when Spring CAS server is down.

Can you please let me know, how to proceed with this. Initially I would like to know how to identify when the CAS server is down.

Thanks in advance.

[RAJANEESH kOLLURI]

Our requirement is like..
we are using 'DelegatingFilterProxy'(SpringFramework) for delegating to CAS server.

So, now if the CAS server is down, we need to use AD authentication for authenticating the user.

Any ideas/suggestions.

Thanks in advance.

Raj

[blicket]

Maybe you can create a new LDAP provider beneath your CAS provider?

[RAJANEESH kOLLURI]

How do i do that... can you give me a sample for this.

Thanks in advance..

[harasta]

Finally, my solution of this was following:

1. I defined an insecured welcome page in Spring Security. Every 30 seconds (timeout of my own) the page checks availability of CAS server in pre-render phase. Either a warning is shown (CAS is down, contact administrator) or the flow continues to the secured page.

2. Then the whole authentication work is done by the CAS authentication handlers rather than Spring Security equivalents. You can follow this link.

I used CAS client's CommonUtils.getResponseFromServer(url, encoding) method for checking of CAS availability.

Vladimir

[RAJANEESH kOLLURI]

Thanks for the reply.

However, as said earlier, this would not met my solution.

I need to check whether CAS is available or not.

If it is present we need to use CAS.

If CAS server is down, I need to use other means of Authentication (AD Authentication).

Let me know if this is possible and how?

thanks in advance.

[RAJANEESH kOLLURI]

Thanks for the reply.

However, as said earlier, this would not met my solution.

I need to check whether CAS is available or not.

If it is present we need to use CAS.

If CAS server is down, I need to use other means of Authentication (AD Authentication).

Let me know if this is possible and how?

thanks in advance.

[harasta]

As I know, it is possible to have several authentication providers in Spring Security.

But I actually don't know what happens, if one of providers fails due to unavailability of its remote authentication service. I would expect that another provider in order should continue in authentication.

[RAJANEESH kOLLURI]

We can do this by setting the entry point with different fall back url's. However, I am not aware of doing. Do anyone have idea on this.
Repeating my problem statement - 'When CAS Server is down, I want to make use of LDAP authentication'.