-
1. Re: Couldn't instantiate ClusteredSingleSignOn valve
jaikiran Jun 18, 2013 1:42 AM (in response to vijaydaniel)Is that the entire exception stacktrace? If not, please post the entire stacktrace that you see against 8.0.0.Alpha1 (or latest WildFly nightly build https://community.jboss.org/thread/224262)
-
2. Re: Couldn't instantiate ClusteredSingleSignOn valve
vijaydaniel Jun 20, 2013 6:20 AM (in response to jaikiran)Hi,
Thanks for your response.
I have tried with wildfly as well and it is the same behavior. Couldn't instantiate ClusteredSingleSignOn.
I could get only the above traces - that is the full exception stack I could see.
Regards,
Vijay
-
3. Re: Couldn't instantiate ClusteredSingleSignOn valve
ctomc Jun 20, 2013 6:26 AM (in response to vijaydaniel)Hi,
WildFly comes with new web server called undertow, which at the moment does not yet support tomcat's valves.
That is planned to be added before final release.
But you can still use old jbossweb, which is available if you run wildfly with standalone.sh/bat -c standalone-jbossweb.xml or
replace undertow subsystem configuration with web subsystem in standalone.xml
--
tomaz
-
4. Re: Couldn't instantiate ClusteredSingleSignOn valve
pferraro Jun 20, 2013 10:57 AM (in response to ctomc)There's a bit more to the story if you intend to use the web subsystem w/clustering (I'm assuming this was the original intent, given the use of ClusteredSingleSignOn), since the standalone-jbossweb.xml is the analog configuration for standalone.xml. There is, however, no jbossweb analog for standalone-ha.xml included out of the box.
-
5. Re: Couldn't instantiate ClusteredSingleSignOn valve
adrianoschmidt Jun 26, 2013 2:04 PM (in response to vijaydaniel)i'm with the same error! : /
Caused by: java.lang.InstantiationException: org.jboss.as.web.sso.ClusteredSingleSignOn
-
6. Re: Couldn't instantiate ClusteredSingleSignOn valve
vijaydaniel Jun 27, 2013 1:14 AM (in response to adrianoschmidt)Hi,
Nothing to worry about this exception...!
Actually in latest version of JBOSS, the clusteredsinglesignon value is automatically instantiated...if you provided the cache-container in the domain.xml..
so don't give any valve configuration in your jboss.web.xml...
this will solve your problem...
you can use decomplier to see ClusteredSingleSignOn valve to get the trace statement. You will be able to find these statements in your server.log file.
-Vijay
-
7. Re: Couldn't instantiate ClusteredSingleSignOn valve
maksymg Jun 27, 2013 1:04 PM (in response to vijaydaniel)How in this situation control "maxEmptyLife" parameter that should limit life of clustered session when there is no active session associated to?
-
8. Re: Couldn't instantiate ClusteredSingleSignOn valve
adrianoschmidt Jun 27, 2013 8:47 PM (in response to vijaydaniel)so, if I follow the below document, without define the valve in my jboss-web.xml, the sso (the user principal) will be clustered?
Thanks!
Adriano Schmidt
-
9. Re: Couldn't instantiate ClusteredSingleSignOn valve
pferraro Jun 28, 2013 11:23 AM (in response to adrianoschmidt)To enable clustered sso in wildfly, just add the appropriate <sso/> element to your web subsystem configuration. You cannot just use standalone-jbossweb.xml (since it lacks the requisite clustering subsystems), but rather replace the undertow subsystem with the web subsystem configuration from standalone-jbossweb.xml into standalone-ha.xml or standalone-ha-full.xml.
e.g.
{code:xml}<subsystem xmlns="urn:jboss:domain:web:1.4" default-virtual-server="default-host" native="false">
<connector name="http" protocol="HTTP/1.1" scheme="http" socket-binding="http"/>
<virtual-server name="default-host" enable-welcome-root="true">
<alias name="localhost"/>
<alias name="example.com"/>
<sso cache-container="web"/>
</virtual-server>
</subsystem>{code}
-
10. Re: Couldn't instantiate ClusteredSingleSignOn valve
maksymg Jun 28, 2013 12:11 PM (in response to pferraro)Paul,
Thanks for your prompt replies.
Let me expalin why I looked for "maxEmptyLife" parameter manipulation. Based on my observation, all available versions of JBoss 7.1.X and EAP 6.1.X has a security britch that keep a once established clustered session indefinetly active even all associated local session are timed out long time ago. Test it pretty easy:
- Config clustered sso as described in EAP manual
- Access a protected resource (SSO & local session cookies are assigned)
- Wait until your local session is expired plus X hours you like
- Try to access the same resource again: you get it without authentication (browser sends the old SSO cookie and gets a new local session Id)
Trying to set max-idle paramater in infinispan for sso cache hasn't helped either.
I didn't had a chance to test WildFly, but would appreciate if some one has any clue how to address it in JBoss 7.X.
Thanks,
Maksym
-
11. Re: Couldn't instantiate ClusteredSingleSignOn valve
pferraro Jun 28, 2013 3:27 PM (in response to maksymg)If you could test this on Wildfly, that would be great. I've completely rewritten the clustered SSO logic in 8.0.0.Alpha2.
The max-idle property of the file-store won't do anything, since AS7/Wildfly uses manual eviction - not Infinispan-managed eviction.
-
12. Re: Couldn't instantiate ClusteredSingleSignOn valve
maksymg Jun 28, 2013 5:25 PM (in response to pferraro)Paul,
In your new implementation, how could we control former "maxEmptyLife" (max empty life timeout for SSO session after the last active local session timed out) parameter. What's the default value? Without that information I'm not sure what would be a valid test plan(wait for how long)?
-
13. Re: Couldn't instantiate ClusteredSingleSignOn valve
pferraro Jun 28, 2013 6:41 PM (in response to maksymg)That is not supported in the new implementation yet (although it is in the non-clustered implementation). I've submitted a jira to restore support for this feature.
-
14. Re: Couldn't instantiate ClusteredSingleSignOn valve
maksymg Jun 28, 2013 6:45 PM (in response to pferraro)So with the current code, clustered SSO should be disposed immediatly after the last open session is timeout, correct? It works fo me.