Smoke Testing CAS Distributed Ticket Registries

Dmitriy Kopylenko,
Software Engineer

CAS server has provided several distributed Ticket Registry implementations out of the box for a long time now, the most popular being Hazelcast. With many of our clients using that ticket registry with at least two CAS nodes, we get asked questions like this all the time: “How do you verify that Hazelcast ticket registry is functioning properly once we have all the nodes configured and running?”

CAS_logo-200-1There is an answer to that. There exists a simple open source command line tool called duct which is able to work with two CAS nodes. This serves to verify that the internal CAS ticket registry state is properly shared between CAS nodes running with distributed ticket registry implementation. In a nutshell, what it does is the following: based on its configuration, it authenticates a pre-configured user on one CAS node, then obtains a service ticket from this same node. It then validates that service ticket on the other configured node. If the test indicates successful ticket validation, then it proves a proper functioning of underlying ticket registry implementation, which properly shares ticket state between nodes. To obtain this tool, visit this Github link.

In order to run it, here are the requirements:

  1. CAS server with two nodes, configured distributed registry implementation, and the REST module enabled. To enable the REST module, simply add this dependency to your build.gradle:

    implementation "org.apereo.cas:cas-server-support-rest"
  2.  On the computer where you download and run duct, one must have a JVM and Groovy installed.

Then, simply follow the duct installation and configuration instructions from the GitHub project page, and execute the duct command. You should see a useful console output as well as either a SUCCESSorFAILURE message, which would give you a clue that your distributed ticket registry is either working or not working. In the case of issues, you will be presented with additional information allowing for troubleshooting where failures exist.

Hopefully this post is useful to anyone looking to quickly smoke test their distributed CAS ticket registries. If you have any questions about Ticket Registry testing, we can help!

Dmitriy Kopylenko

Dmitriy Kopylenko

Software Engineer
Dmitriy Kopylenko is a senior software engineer for Unicon, Inc. with 20 years of experience developing enterprise Java systems including core Java, core Spring Framework, Spring Web Flow, Spring Integration, Groovy, Spring Boot, and Spring Cloud. Dmitriy currently works with Unicon's Identity and Access Management team to deliver enterprise IAM systems to Unicon's clients. His services revolve around open source software such as CAS, Shibboleth Idp, Grouper. Dmitriy is also one of the senior software engineers currently working on back end implementation of the Shibboleth UI project. Prior to joining Unicon in 2011, Dmitriy mainly focused on enterprise business software development, software engineering, and architecture using many enterprise Java development tools and frameworks.
Top