14 Setting Up a CAS Cluster

You can set up a Central Authentication Server (CAS) cluster in the same WebLogic domain as Oracle WebCenter Sites, in a different WebLogic domain on the same machine, or, for high availability, in a different WebLogic domain on a different machine.

The following topics describe how to set up a CAS cluster:

14.1 Configuring the CAS Primary Cluster Node

This topic describes how to set up the CAS application to function on a WebCenter Sites cluster both as a single instance and as a clustered application. If you are not clustering the CAS application, you can skip the steps required specifically for clustering CAS.

Before completing the steps in this procedure, note the following items:
  • An instance of WebCenter Sites with CAS, the primary cluster node, needs to be up and running.

  • Never change the context root of the CAS application from its default value of /cas, even if the CAS application itself is relocated.

To set up the primary CAS cluster node:
  1. Using the WebLogic Server Administration Console, create a new Managed Server for the primary CAS cluster node (for example, cas_server1).
    1. If CAS will be clustered, create and assign additional servers to the cluster as needed.

    2. Determine the load balancer's IP address and port because these values will be required to complete the setup.

    3. The initial configuration of CAS will be for only a single cluster member. Once WebCenter Sites is set up and running on a single server accessed through the load balancer, you can configure additional servers.

    4. (Optional) If you are deploying the CAS application on a WebLogic domain separate from the WebCenter Sites domain, do the following steps:

      1. Copy the contents of DOMAIN_HOME/wcsites/bin/ to the same location in the CAS domain.

      2. Copy the contents of ORACLE_HOME/wcsites/wcsites_common/lib/ to the same location in the CAS domain.

      3. Grant the CAS application access to the Oracle Platform Security Services keystore by executing the following script and following the on-screen instructions: sh CAS_DOMAIN_HOME/wcsites/bin/grant-opss-permission.sh on a UNIX operating system or DOMAIN_HOME\wcsites\bin\grant-opss-permission.bat on a Windows operating system.

  2. Create a CAS config directory on the Managed Server you created in step 1. For example: DOMAIN_HOME/wcsites/cas/config.
    Subsequent steps will refer to this directory as CAS_CONFIG_DIR.
  3. Move (do not copy) the following files and directories from DOMAIN_HOME/wcsites/wcsites/config on the Managed Server that is the primary WebCenter Sites cluster node to CAS_CONFIG_DIR:
    • cas.properties

    • host.properties

    • jbossTicketCacheReplicationConfig.xml

    • customBeans.xml

    • deployerConfigContext.xml

    • fatwire_settings.properties

    • fatwire_views.properties

    • logging-config.xml

    • cas-spring-configuration

    Note:

    If the WebCenter Sites node you are copying from is part of a cluster, the host.properties and jbossTicketCacheReplicationConfig.xml files may be located under DOMAIN_HOME/wcsites/wcsites/config/node-name and need to be copied from there to CAS_CONFIG_DIR.
  4. Set the host.name parameter value in CAS_CONFIG_DIR/host.properties to the host name or IP address of the CAS host machine.
  5. Modify CAS_CONFIG_DIR/jbossTicketCacheReplicationConfig.xml as follows:
    • (Optional) If you are using IPv6 addressing, set mcast_addr value to a valid IPv6 multicast address. This value must be the same for each node in the cluster. For example, [ff0x:0:0:0:0:0:0:301].

    • Set bind_addr to the host name or IP address of the CAS host machine.

    • (Optional) If you are clustering the CAS application, set ip_ttl to a value appropriate for your environment. Oracle recommends 1 as a starting point. For a list of suggested values, see Setting Up a WebCenter Sites Cluster.

  6. Set the server.name parameter value in CAS_CONFIG_DIR/cas.properties to the URL of the CAS host machine.

    Note:

    If you are clustering the CAS application, use the IP address and port of the load balancer.
  7. Update the class path on the CAS application’s Managed Server to include the full path to the CAS_CONFIG_DIR directory.
  8. Deploy the cas.war application file to the CAS application’s Managed Server.
  9. On the primary WebCenter Sites cluster node, modify the following properties in the WCSITES_CONFIG_DIR/wcs_properties.json file, as described in the following table.
    | Property | Description |
    |---|---|
    | wcsites.cas.host | Host name or IP address of the CAS application’s Managed Server. Used for external connections. |
    | wcsites.cas.port | Port of the CAS application’s Managed Server. Used for external connections. |
    | wcsites.cas.internal.url | URL (in hostname:port format) of the CAS application’s Managed Server. Used internally. |
  10. Restart the primary WebCenter Sites cluster node Managed Server and the CAS application’s Managed Server.
  11. Log in to the Admin interface on the primary WebCenter Sites cluster node to confirm the new configuration.
  12. (Optional) If you are clustering the CAS application, complete the steps in Configuring the CAS Secondary Cluster Node(s).

14.2 Configuring the CAS Secondary Cluster Node(s)

This topic describes how to set up one or more secondary CAS (Central Authentication Service) application cluster nodes.

Before completing the following steps, you must have completed the steps in Configuring the CAS Primary Cluster Node.

To set up each secondary CAS cluster node:
  1. Create a Managed Server for each secondary CAS cluster node and assign it to the WebLogic cluster containing the primary CAS cluster node.
  2. Shut down all CAS Managed Servers.
  3. Create a CAS config directory (CAS_CONFIG_DIR) on the new Managed Server; for example, DOMAIN_HOME/wcsites/cas/config.
  4. Copy the contents of the CAS_CONFIG_DIR directory from the primary CAS Managed Server to the new Managed Server, the secondary cluster node.
  5. Set the host.name parameter value in CAS_CONFIG_DIR/host.properties to the host name or IP address of this secondary cluster node.
  6. Update the CAS_CONFIG_DIR/jbossTicketCacheReplicationConfig.xml file as follows:
    • Set bind_addr to the host name or IP address of this secondary cluster node.

    • (Optional) If you are clustering the CAS application, set ip_ttl to a value appropriate for your environment. Oracle recommends 1 as a starting point. See Setting Up a WebCenter Sites Cluster for a list of suggested values.

  7. Start the load balancer, if it is not already running.
  8. Start the new Managed Server.
  9. Log in to the WebCenter Sites Admin interface to ensure that the new server is functional.

    If you get the error Unable to access credential store when you try to log in to WebCenter Sites, run the grant-opss-permission.sh script or grant-opss-permission.bat command, as Completing Prerequisites for Configuring WebCenter Sites describes.

After you have configured and tested all the secondary CAS cluster nodes, start the primary and all secondary CAS cluster nodes, and, optionally, restart the load balancer. Then log in to the WebCenter Sites Admin interface to confirm that the CAS cluster has been successfully configured.

Note:

If the cluster members are not all colocated in a WebLogic domain on the same machine, the timeToLive field must be changed from the default value of 0. Set the timeToLive field based on the distribution of your clustered machines. A list of possible settings follows:

| timeToLive Value | Distribution of Clustered Machines |
|---|---|
| 1 | Multicast packets restricted to the same subnet (suggested cluster value if distribution unknown) |
| 32 | Multicast packets restricted to the same site |
| 64 | Multicast packets restricted to the same region |
| 128 | Multicast packets restricted to the same continent |
| 255 | Multicast packets unrestricted |
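
The per-node and cluster-wide settings from both procedures can be checked before the CAS Managed Servers are started, including an ip_ttl that lets ticket cache replication traffic travel farther than the cluster needs. The following script is an added example, not part of the Oracle product: it assumes that bind_addr, mcast_addr, and ip_ttl appear as name="value" attributes in jbossTicketCacheReplicationConfig.xml, and the host names, addresses, and XML line in its sample are constructed.

```shell
#!/bin/sh
# Added example (not Oracle's): audit CAS_CONFIG_DIR on a primary and a secondary node.
# Assumption: bind_addr, mcast_addr and ip_ttl are name="value" XML attributes.
XML=jbossTicketCacheReplicationConfig.xml

# prop FILE KEY: print the value of KEY from a .properties file.
prop() { sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1; }
# attr FILE NAME: print the first value of XML attribute NAME.
attr() { sed -n "s/.*[[:space:]]$2=\"\([^\"]*\)\".*/\1/p" "$1" | head -n 1; }

# audit_pair PRIMARY_DIR SECONDARY_DIR MAX_TTL: print findings, one per line.
audit_pair() {
    p=$1; s=$2; max=$3
    for d in "$p" "$s"; do
        for f in cas.properties host.properties "$XML"; do
            [ -f "$d/$f" ] || { echo "MISSING $d/$f"; return; }
        done
        ttl=$(attr "$d/$XML" ip_ttl)
        case $ttl in
            ''|*[!0-9]*) echo "BAD_TTL $d ip_ttl='$ttl'" ;;
            *) [ "$ttl" -le "$max" ] || echo "WIDE_TTL $d ip_ttl=$ttl > $max" ;;
        esac
    done
    # Per-node values: a copied config that was never edited still names the primary.
    [ "$(prop "$p/host.properties" host.name)" != "$(prop "$s/host.properties" host.name)" ] ||
        echo "SAME host.name on both nodes"
    [ "$(attr "$p/$XML" bind_addr)" != "$(attr "$s/$XML" bind_addr)" ] ||
        echo "SAME bind_addr on both nodes"
    # Cluster-wide values: mcast_addr and the load balancer URL are shared by all nodes.
    [ "$(attr "$p/$XML" mcast_addr)" = "$(attr "$s/$XML" mcast_addr)" ] ||
        echo "DIFF mcast_addr between nodes"
    [ "$(prop "$p/cas.properties" server.name)" = "$(prop "$s/cas.properties" server.name)" ] ||
        echo "DIFF server.name between nodes"
}

# Constructed sample: mk DIR HOST TTL writes a minimal stand-in config directory.
mk() {
    mkdir -p "$1"
    echo "host.name=$2" > "$1/host.properties"
    echo "server.name=http://lb.example.test:8080" > "$1/cas.properties"
    echo "<UDP mcast_addr=\"228.10.10.10\" bind_addr=\"$2\" ip_ttl=\"$3\"/>" > "$1/$XML"
}
demo() {
    t=$(mktemp -d); mk "$t/primary" cas1.example.test 1
    mk "$t/secondary" cas1.example.test 32   # copied from primary, never edited
    audit_pair "$t/primary" "$t/secondary" 1; rm -rf "$t"
}
demo
```

Pass the largest timeToLive value from the table that your machine distribution requires as MAX_TTL; the sample run reports the secondary's ip_ttl of 32 and the unedited host.name and bind_addr.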