Java DNS Caching Solutions
As part of the CAS High Availability upgrade, CAS will be changing its IP address. This change will be carried out on the Campus DNS servers, which will have their outbound TTL for the cas.ucdavis.edu hostname set to 10 minutes prior to the change.
However, as we discovered in the original High Availability rollout attempt, Java-based CAS clients do not automatically pick up the DNS changes. This is caused by an underlying security setting of the Java Virtual Machine that caches DNS resolutions permanently, until the JVM is restarted. Those clients break after the DNS switch because they keep using the old IP address instead of the new one.
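The setting behind this behaviour is the JVM security property `networkaddress.cache.ttl` (in seconds; a negative value caches forever). The following is an added example, not part of the original page or of any CAS client: it reports the configured value and sets a bounded lifetime of 600 seconds, an assumed value chosen to match the 10-minute DNS TTL above. The class and method names are hypothetical.

```java
import java.net.InetAddress;
import java.security.Security;

/** Added example: inspect and bound the JVM's positive DNS cache lifetime. */
public class DnsCacheTtl {
    // Security property read by java.net.InetAddress; seconds, negative = cache forever.
    static final String TTL_PROP = "networkaddress.cache.ttl";
    // Legacy system property, consulted only when the security property is unset.
    static final String LEGACY_PROP = "sun.net.inetaddr.ttl";

    /** Returns the configured TTL as text, or a note that the JVM default applies. */
    static String configuredTtl() {
        String ttl = Security.getProperty(TTL_PROP);
        if (ttl == null || ttl.trim().isEmpty()) ttl = System.getProperty(LEGACY_PROP);
        if (ttl == null || ttl.trim().isEmpty()) {
            return "unset (JVM default; forever when a security manager is installed)";
        }
        try {
            return Integer.parseInt(ttl.trim()) < 0 ? "forever" : ttl.trim() + "s";
        } catch (NumberFormatException e) {
            return "invalid value '" + ttl + "'";
        }
    }

    /**
     * Sets a bounded TTL. Call this before the first hostname lookup:
     * OpenJDK-based JVMs read the cache policy once, when it is first needed.
     */
    static void boundTtl(int seconds) {
        if (seconds <= 0) {
            // 0 disables caching and negative values cache forever; neither is wanted here.
            throw new IllegalArgumentException("TTL must be a positive number of seconds");
        }
        Security.setProperty(TTL_PROP, Integer.toString(seconds));
    }

    public static void main(String[] args) throws Exception {
        System.out.println("before: " + configuredTtl());
        boundTtl(600); // assumption: match the 10-minute DNS TTL mentioned on this page
        System.out.println("after:  " + configuredTtl());
        // Defaults to localhost so the example runs offline; pass the CAS hostname to test it.
        String host = args.length > 0 ? args[0] : "localhost";
        for (InetAddress a : InetAddress.getAllByName(host)) {
            System.out.println(host + " -> " + a.getHostAddress());
        }
    }
}
```

Keeping the lifetime positive rather than 0 preserves a short cache window, so the application still re-resolves the name after a DNS change without issuing a lookup on every connection.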
Known Affected Clients
If your service uses one of the following clients, you will need to use one of the workarounds listed below.
- Ja-Sig Java CAS client (all versions)
- JSP CAS Client
- ColdFusion (cas_auth_dbcache and cas_auth_filecache)
Known Unaffected Clients
The following clients performed correctly during the High Availability Upgrade attempt and DO NOT need to use a workaround.
- mod_auth_cas
- .NET CAS clients
- ASP CAS Clients
- CASAuthN ISAPI Client
- Zope / Plone Client
Workarounds / Resolutions
The following workarounds and resolutions will allow your Java-based CASified application to properly authenticate to CAS after the High Availability upgrade.