CAS server has provided several distributed Ticket Registry implementations out of the box for a long time now, the most popular being Hazelcast. With many of our clients using that ticket registry with at least two CAS nodes, we get asked questions like this all the time: “How do you verify that Hazelcast ticket registry is functioning properly once we have all the nodes configured and running?”
There is an answer to that. There exists a simple open source command line tool called duct which is able to work with two CAS nodes. This serves to verify that the internal CAS ticket registry state is properly shared between CAS nodes running with distributed ticket registry implementation. In a nutshell, what it does is the following: based on its configuration, it authenticates a pre-configured user on one CAS node, then obtains a service ticket from this same node. It then validates that service ticket on the other configured node. If the test indicates successful ticket validation, then it proves a proper functioning of underlying ticket registry implementation, which properly shares ticket state between nodes. To obtain this tool, visit this Github link.
In order to run it, here are the requirements:
- CAS server with two nodes, configured distributed registry implementation, and the REST module enabled. To enable the REST module, simply add this dependency to your
build.gradle:implementation "org.apereo.cas:cas-server-support-rest" - On the computer where you download and run duct, one must have a JVM and Groovy installed.
Then, simply follow the duct installation and configuration instructions from the GitHub project page, and execute the duct command. You should see a useful console output as well as either a SUCCESSorFAILURE message, which would give you a clue that your distributed ticket registry is either working or not working. In the case of issues, you will be presented with additional information allowing for troubleshooting where failures exist.
Hopefully this post is useful to anyone looking to quickly smoke test their distributed CAS ticket registries. If you have any questions about Ticket Registry testing, we can help!
