I've a problem with cas logout and Nginx : somtimes it's works and sometimes no!!!
My configuration :
- 1 ldap server
- 1 server with nginx & store
- 2 other stores
For the cas server, I've 2 cas server whith cluster (and memcached) and for apache i've 2 front server in load balancing.
All it's good but not the cas logout :
If i logout from my portal sometimes i'm well logout to zimbra sometimes no... In fact if i reconnecte with another user is the same navigator session, my portal is weel connected with the new user (and all applications too) but in zimbra I have the precedent session user...
When i look the nginx access log, i see the call on post to the preauth with logout parameter but when the logout is ko, i don't see the logout in jettyx.
My investigations are :
- It's the cas server who ask logout to zimbra (because he have the zimbra service registered)
- one of the apache server relay the logout
- nginx receive logout
But nginx does not relay cas logout to the well jettyx server. And because when cas server call logout, he don't send the ZM_AUTH_TOKEN cookie.
I think Nginx relay sometimes the logout at the same jettyx server who make login and it's work
But sometimes it's relay the logout to another jettyx server than the login jettyx server and so the logout don't work...
I saw that normaly, if nginx receive an url without ZIMBRA_AUTH_TOKEN, it relay it to the jettyx server with an IPHASH and so normally, with my 2 front apache server, it will be all the times the same jettyx server... but this don't work so good...
So my questions :
- Is ther a bug with cas & nginx logout? and if yes does this it's a good solution to make login and logout always on the same jettyx server (same if the user is not on this jettyx server store?)?
- Can i force nginx to relay some source IP to always the same Jettyx server?
- does my diagnostic is good?
thanks a lot by advance for all the good ideas...
PS : My zimbra version is 7.2.0_GA_2669.DEBIAN5_64