We are using pubcookie,
It is readily load balancable, There is no state information saved on the server so no replication problems. It's simply a matter of setting up multiple login servers, setting up the same virtual host e.g. weblogin.ncl.ac.uk on each, transferring the keys so that both servers have the same keys, point a dns round robin at it (or something more sophisticated) and you have a clusterred login settup.
CAS does have the benefit that you can chain authentication backend so you can try authenticating against multiple password stores and authenticate someone if you find a match in one.
________________________________
From: Discussion list for Shibboleth developments on behalf of Andy Swiffin
Sent: Wed 9/19/2007 11:04 AM
To: [log in to unmask]
Subject: Re: HASHIB
>Two physical idp servers, one virtual server idp server in our VMWare
>ESX environment, hashib used on them for clustering.
Thanks Rhys (and Cal and Adrian),
Useful information - we're almost certainly going to go this route from the outset.
Rhys - to what extent do you think that the physical servers might be overkill? In other words, would you consider doing the whole thing on VM or do you think physical boxes are necessary?
And "Todays Question":
Who is using a SSO solution with their IdP, particularly Yale CAS or pubcookie? Any comments?
Cheers
Andy
|