Apereo CAS - Ticket Distribution with JMS


Collaborate
This blog is managed and hosted on GitHub. If you wish to update the contents of this post or if you have found an inaccuracy and wish to make corrections, we recommend that you please submit a pull request to this repository.

Overview

CAS can be enabled with a variety of messaging systems to distribute and share ticket data: from simplified use of the JMS API to a complete infrastructure to receive messages asynchronously. This is the capability where CAS uses a specialized form of the default in-memory ticket registry with the main difference that ticket operations applied to the registry are broadcasted using a messaging queue to other listening CAS nodes on the queue. Each node keeps copies of ticket state on its own and only instructs others to keep their copy accurate by broadcasting messages and data associated with each. Each message and ticket registry instance running inside a CAS node in the cluster is tagged with a unique identifier to avoid endless looping behavior and recursive needless inbound operations.

In this tutorial, we are going to briefly review the JMS configuration in Apereo CAS and steps required to use message queues to distribute tickets and tokens across a cluster. Our starting position is based on:

Configuration

ActiveMQ

We are going to be using ActiveMQ as our message broker whose job is to act as a hub and distribute tickets to subscribers. The quickest way to bring up ActiveMQ would be using the following command:

docker run -d --name activemq-server -p 61616:61616 -p 8161:8161 rmohr/activemq

That should be all, for now.

CAS

Once you have prepped your CAS overlay with the correct auto-configuration module, you will need to instruct CAS to try and connect to ActiveMQ for which you will need, at a minimum, the following settings:

spring.activemq.broker-url=tcp://localhost:61616
spring.activemq.user=admin
spring.activemq.password=admin

Test

Let’s bring up a CAS server node on port 8444:

java -jar build/libs/cas.war --server.port=8444

…and then, let’s bring up another on port 8445:

java -jar build/libs/cas.war --server.port=8445

In the CAS logs, you should be able to notice the following statements:

<Established shared JMS Connection: ActiveMQConnection {id=ID:misaghmoayyed.local-65269-1569759674508-1:1,clientId=null,started=false}>
....
<Configuring JMS ticket registry with identifier [JmsTicketRegistryQueueIdentifier(id=d6b0927b-5c08-4c97-b0aa-02d5d8e709f5)]>

At this point, you should be able to access https://localhost:8445/cas/login and attempt to login. Once you have successfully authenticated, you should observe the distribution of tickets in the CAS logs from one node to the other.

So…

I hope this review was of some help to you and I am sure that both this post as well as the functionality it attempts to explain can be improved in any number of ways. Please know that all other use cases, scenarios, features, and theories certainly are possible as well. Feel free to engage and contribute as best as you can.

Happy Coding,

Misagh Moayyed

Related Posts

CAS 6.2.0 RC4 Feature Release

...in which I present an overview of CAS 6.2.0 RC4 release.

CAS 6.2.0 RC3 Feature Release

...in which I present an overview of CAS 6.2.0 RC3 release.

Apereo CAS - Bootiful CAS Client

Easy to use CAS Client

CAS Vulnerability Disclosure

Disclosure of a security issue with the CAS software.

Checking Out Pull Requests Locally

Check out GitHub pull requests as local branches using a simple bash function.

CAS 6.2.0 RC2 Feature Release

...in which I present an overview of CAS 6.2.0 RC2 release.

Apereo CAS - Authentication Handler Resolution

Learn how to resolve and select authentication handlers based on configurable and flexible filtering criteria.

CAS Vulnerability Disclosure

Disclosure of a security issue with the CAS software.

Apereo CAS - SAML2 Metadata Overrides

Learn how to manage SAML2 service provider registrations in CAS and override metadata artifacts on a per-application basis.

Apereo CAS - Managing Configuration Metadata

Learn how to manage CAS configuration and properties using Spring Boot Configuration metadata.