...
However, as we discovered in the original High Availability rollout attempt, Java-based CAS clients do not automatically pick up the DNS changes. This is caused by an underlying security setting of the Java Virtual Machine that caches DNS resolutions permanently between restarts. This causes those clients to break after the DNS switch, as they do not update their IP address to the new setting.
Known Affected Clients
The If your service uses one of the following clients, you will need to use one of the workarounds listed below.
- Ja-Sig Java CAS client (all versions)
- JSP CAS Client
- Cold Fusion (cas_auth_dbcache and cas_auth_filecache)
Known Unaffected Clients
The following clients performed correctly during the High Availability Upgrade attempt and DO NOT need to use a workaround.
- mod_auth_cas
- .NET CAS clients
- ASP CAS Clients
- CASAuthN ISAPI Client
- Zope / Plone Client
Workarounds / Resolutions
The following workarounds and resolutions will allow your Java-based CASified application to properly authenticate to CAS after the High Availability upgrade.
Update JDK to 10.6 or greater
...