-
1. Re: ClusteredSingleSignOn problem
roberto Jul 17, 2006 2:00 AM (in response to roberto)I try to change FORM authentication to BASIC in web xml, and now it works. But i need to use FORM authentication.
What this means? i need to do additional operation in my code or there is a bug or is not supported.... ?
Best Regards,
Roberto -
2. Re: ClusteredSingleSignOn problem
brian.stansberry Jul 17, 2006 11:40 AM (in response to roberto)There should be no problem with FORM authentication; our unit tests of Clustered SSO use FORM authentication.
In your original post there was a piece that didn't come through where you showed what you did to activate ClusteredSingleSignOn. Please repost that bit, and use the [Code] button above the form to surround the XML; that will let the XML come through. -
3. Re: ClusteredSingleSignOn problem
roberto Jul 17, 2006 12:21 PM (in response to roberto)This are my configuration steps for both node:
Step #1: Download Apache2 Web Server version 2.0.58 and installed as default
Step #2: Download mod_jk-apache-2.0.55.so
Step #3: Setup Apache
Add this line at the very bottom in APACHE_HOME/conf/httpd.conf :Include conf/mod-jk.conf
create a new mod-jk.conf like this:# Load mod_jk module # Specify the filename of the mod_jk lib LoadModule jk_module modules/mod_jk.so # Where to find workers.properties JkWorkersFile conf/workers.properties # Where to put jk logs JkLogFile logs/mod_jk.log # Set the jk log level [debug/error/info] JkLogLevel info # Select the log format JkLogStampFormat "[%a %b %d %H:%M:%S %Y]" # JkOptions indicates to send SSK KEY SIZE JkOptions +ForwardKeySize +ForwardURICompat -ForwardDirectories # JkRequestLogFormat JkRequestLogFormat "%w %V %T" # Mount your applications. /* means All application JkMount /* loadbalancer # You can use external file for mount points. # It will be checked for updates each 60 seconds. # The format of the file is: /url=worker # /examples/*=loadbalancer #JkMountFile conf/uriworkermap.properties # Add shared memory. # This directive is present with 1.2.10 and # later versions of mod_jk, and is needed for # for load balancing to work properly JkShmFile logs/jk.shm # Add jkstatus for managing runtime data <Location /jkstatus/> JkMount jkstatus Order deny,allow Deny from all Allow from 127.0.0.1 </Location>
Configure workers.properties using Sticky Session
(i'm creating a cluster on the same machine)# Define list of workers that will be used # for mapping requests worker.list=loadbalancer,status # Define Cluster1 worker.node1.port=8009 worker.node1.host=127.0.0.1 worker.node1.type=ajp13 worker.node1.lbfactor=1 #worker.node1.local_worker=1 (1) worker.node1.cachesize=10 # Define Cluster2 worker.node2.port=8309 worker.node2.host=127.0.0.1 worker.node2.type=ajp13 worker.node2.lbfactor=1 #worker.node2.local_worker=1 (1) worker.node2.cachesize=10 # Load-balancing behaviour worker.loadbalancer.type=lb worker.loadbalancer.balanced_workers=node1, node2 worker.loadbalancer.sticky_session=1 worker.loadbalancer.local_worker_only=1 worker.list=loadbalancer # Status worker for managing load balancer worker.status.type=status
Step #4: Setup Tomcato inside JBoss
in JBOSS_HOME\server\<my node>\deploy\jbossweb-tomcat55.sar\server.xml
added jvmRoute to match workers (node1 and node2)<Engine name="jboss.web" defaultHost="localhost" jvmRoute="node1"> .... </Engine>
and uncomment ClusteredSingleSignOn valve... <!-- Uncomment to enable single sign-on across web apps deployed to this host AND to all other hosts in the cluster. If this valve is used, do not use the standard Tomcat SingleSignOn valve shown above. Valve uses a JBossCache instance to support SSO credential caching and replication across the cluster. The JBossCache instance must be configured separately. By default, the valve shares a JBossCache with the service that supports HttpSession replication. See the "tc5-cluster-service.xml" file in the server/all/deploy directory for cache configuration details. Besides the attributes supported by the standard Tomcat SingleSignOn valve (see the Tomcat docs), this version also supports the following attributes: cookieDomain see above treeCacheName JMX ObjectName of the JBossCache MBean used to support credential caching and replication across the cluster. If not set, the default value is "jboss.cache:service=TomcatClusteringCache", the standard ObjectName of the JBossCache MBean used to support session replication. --> <!-- --> <Valve className="org.jboss.web.tomcat.tc5.sso.ClusteredSingleSignOn" debug="2" /> ....
Step #5: Setup Tomcato inside JBoss
in JBOSS_HOME\server\<my node>\deploy\jbossweb-tomcat55.sar\META-INF\jboss-service.xml
Finally, I need to tell Tomcat to add the jvmRoute value to its session cookies so that mod_jk can route incoming requests.
So I change UseJK from false to true... <attribute name="UseJK">true</attribute> ...
Step #6: Set loopback to true for UDP problem on windows machine
Step #7: in my web.xml... <distributable></distributable> ...
and on my jboss-web.xml... <replication-config> <replication-trigger>SET_AND_NON_PRIMITIVE_GET</replication-trigger> <replication-granularity>SESSION</replication-granularity> </replication-config> ...
-
4. Re: ClusteredSingleSignOn problem
brian.stansberry Jul 17, 2006 12:45 PM (in response to roberto)This looks correct.
1) Do you have cookies enabled, or are you trying to use URL rewriting (which won't work w/ Clustered SSO)?
2) I suspect you get the same "DEBUG [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost]] SSO cookie is not present" message when using BASIC; it's just that with BASIC the browser presents your credential so the logon happens transparently. Please confirm. -
5. Re: ClusteredSingleSignOn problem
roberto Jul 18, 2006 3:38 AM (in response to roberto)1) I have cookies enabled
2) The message "SSO cookies is not present" occurs also with BASIC Authentication
Maybe can be useful know that i'm running on Windows Server 2003 Enterprise x64 Edition SP1 with JDK 1.5.0_07 64 bit edition
Instead Apache and mod-Jk is 32 bit version
Thank You -
6. Re: ClusteredSingleSignOn problem
brian.stansberry Jul 19, 2006 5:27 PM (in response to roberto)Is there any logging from the 1st server showing the SSO being established and the cookie being issued?
-
7. Re: ClusteredSingleSignOn problem
roberto Jul 20, 2006 2:34 AM (in response to roberto)Please tell me how to turn on log for that kind of informations.
It's enought log for ContainerBase? This is the only one that I add to the standard log4j
At this moment,
in my log related to SSO i found only:... 2006-07-19 16:08:17,140 DEBUG [org.jboss.web.tomcat.tc5.sso.TreeCacheSSOClusterManager] Successfully integrated with cache service jboss.cache:service=TomcatClusteringCache ... 2006-07-19 16:35:17,578 DEBUG [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost]] Process request for '/now/Main.jsp' 2006-07-19 16:35:17,578 DEBUG [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost]] Checking for cached principal for 5FA6BEF297272CD734130D4DAC707A4B 2006-07-19 16:35:17,578 DEBUG [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost]] Found cached principal 'user2' with auth type 'FORM' 2006-07-19 16:35:17,578 DEBUG [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost]] Associate sso id 5FA6BEF297272CD734130D4DAC707A4B with session SessionBasedClusteredSession[id: g+2eoqxmkoLfW7IYqRpxWQ**.node1 lastAccessedTime: 1153319717328 version: 3 lastOutdated: 0] 2006-07-19 16:35:17,578 DEBUG [org.jboss.web.tomcat.tc5.session.JvmRouteValve] checkJvmRoute(): check if need to re-route based on JvmRoute. Session id: g+2eoqxmkoLfW7IYqRpxWQ**.node1 jvmRoute: node1 2006-07-19 16:35:17,578 DEBUG [org.jboss.web.tomcat.tc5.session.JBossCacheManager] check to see if needs to store and replicate session with id g+2eoqxmkoLfW7IYqRpxWQ**.node1 2006-07-19 16:35:17,578 DEBUG [org.jboss.web.tomcat.tc5.session.ClusteredSession] processSessionRepl(): session is dirty. Will increment version from: 3 and replicate. 2006-07-19 16:35:17,703 DEBUG [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost]] Process request for '/now/ABSMenuIndex.jsp' 2006-07-19 16:35:17,703 DEBUG [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost]] Checking for cached principal for 5FA6BEF297272CD734130D4DAC707A4B 2006-07-19 16:35:17,703 DEBUG [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost]] Found cached principal 'user2' with auth type 'FORM' 2006-07-19 16:35:17,703 DEBUG [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost]] Associate sso id 5FA6BEF297272CD734130D4DAC707A4B with session SessionBasedClusteredSession[id: g+2eoqxmkoLfW7IYqRpxWQ**.node1 lastAccessedTime: 1153319717578 version: 4 lastOutdated: 0] 2006-07-19 16:35:17,703 DEBUG [org.jboss.web.tomcat.tc5.session.JvmRouteValve] checkJvmRoute(): check if need to re-route based on JvmRoute. Session id: g+2eoqxmkoLfW7IYqRpxWQ**.node1 jvmRoute: node1 2006-07-19 16:35:17,703 DEBUG [org.jboss.web.tomcat.tc5.session.JBossCacheManager] check to see if needs to store and replicate session with id g+2eoqxmkoLfW7IYqRpxWQ**.node1 2006-07-19 16:35:17,703 DEBUG [org.jboss.web.tomcat.tc5.session.ClusteredSession] processSessionRepl(): session is dirty. Will increment version from: 4 and replicate. 200 .....
I hope this is useful
Thanks
Roberto -
8. Re: ClusteredSingleSignOn problem
brian.stansberry Jul 20, 2006 9:59 AM (in response to roberto)OK, messages like "Associate sso id 5FA6BEF297272CD734130D4DAC707A4B with session SessionBasedClusteredSession" are telling me the SSO has been established.
I'm not really sure what to tell you; everything you are doing seems fine. All I can think of is to check your browser to make sure it has a JSESSIONIDSSO cookie and a jsessionid cookie. -
9. Re: ClusteredSingleSignOn problem
roberto Jul 20, 2006 11:57 AM (in response to roberto)Please , can you please tell me how check my browser to make sure that it has JSESSIONIDSSO and jsessionid cookies?
Thanks -
10. Re: ClusteredSingleSignOn problem
brian.stansberry Jul 20, 2006 12:04 PM (in response to roberto)For Firefox, go into Tools -- Options -- Privacy -- Cookies and there is a View Cookies button.
I don't recall how w/ IE, other than poking around in some subfolder of your folder in Documents and Settings and finding the file where they are stored. -
11. Re: ClusteredSingleSignOn problem
roberto Jul 21, 2006 5:04 AM (in response to roberto)I check cockies using Firefox 2.0 Beta.
and cookies are present.
Both JSESSIONIDSSO and JSESSIONID (all in uppercase) exist from the right site.
:(
http://img225.imageshack.us/my.php?image=jsessionidjv2.png
[url]http://img213.imageshack.us/my.php?image=jsessionidssocp4.png/url]