CoSign: Collaborative Single Sign-On  

cosign-discuss at
general discussion of cosign development and deployment


Re: replication behind load balancer

I haven't started playing with replication part yet, but can see if the
BigIP part is involved - care to send me the relevant parts of your
/config/bigip.conf, as well as your 'ifconfig -a' and 'netstat -rn'
output from the 10.41.0.x units as well?  Looks like they may be
routing through the BigIP instead of going direct, and the BigIP
is SNATting things.

We dealt with SNAT stuff already in order to get a single Cosign blade to communicate properly with Shibboleth origin blades.

I added the opposite blade's IP address to the /etc/hosts file on each blade. Now, communication between cosignd processes is not crossing the load balancer, so I think I am just dealing with cosign configuration issues at this point.

The documentation is a little thin on replication. What should the cosign.conf file contain on each host? Now that I can use the host names of the individual blades, I created client certs for 'cosign11' and 'cosign12'. I have tried various permutations in the cosign.conf file, but I still get the error "f_starttls: No access for cosign1[12]" in the log file. I get a "CHILD xxxxx talking to itself" error in the other host's log file. I was also getting a "cosign[12] is not a daemon" error at some point.

Can someone tell me more about these errors?


Copyright © 2002 - 2004 Regents of the University of Michigan :  Page last updated 15-December-2010