1 Reply Latest reply on Nov 5, 2014 1:18 AM by lionelve

    Authentication cache with Clustered SSO


      I am confused about how the authentication cache works in a clustered configuration with JBoss AS 7.2.0 Final.


      With two nodes:


      - When logging in to an application on node1, the SSO cookie is successfully created.

      - Accessing the same application on node2 always goes through UsernamePasswordLoginModule::login() the first time using the credentials found with the cookie. So here we are properly logged in but it seems that it's not thanks to a replicated Principal but rather thanks to a reauthentication.


      My understanding was that when using a cache in a clustered configuration we should have the Principal propagated through each node and therefore, we should not go through the login() of the LoginModule again.


      What am I missing here? Is this a configuration issue or did I just misunderstand how it should work?


      I found some threads (like Configuring a clustered SSO) mentioning there were some issues with SSO and clustering but it seems to be resolved in 7.2.0 Final ...




      Here is my configuration:





              <subsystem xmlns="urn:jboss:domain:web:1.4" default-virtual-server="default-host" native="false">
                  <connector name="http" protocol="HTTP/1.1" scheme="http" socket-binding="http"/>
                  <connector name="ajp" protocol="AJP/1.3" scheme="http" socket-binding="ajp"/>
                  <virtual-server name="default-host" enable-welcome-root="false">
                      <alias name="localhost"/>
                      <sso cache-container="web" cache-name="sso" reauthenticate="true"/>
                  </virtual-server>
              </subsystem>

              <subsystem xmlns="urn:jboss:domain:infinispan:1.4">
                  <cache-container name="web" aliases="standard-session-cache" default-cache="repl" module="org.jboss.as.clustering.web.infinispan">
                      <transport lock-timeout="60000"/>
                      <replicated-cache name="repl" mode="ASYNC" batching="true">
                          <!-- child elements not shown in the post -->
                      </replicated-cache>
                      <replicated-cache name="sso" mode="SYNC" batching="true"/>
                      <distributed-cache name="dist" l1-lifespan="0" mode="ASYNC" batching="true">
                          <!-- child elements not shown in the post -->
                      </distributed-cache>
                  </cache-container>
              </subsystem>





              <security-domain name="myDomain" cache-type="default">
                  <!-- enclosing and remaining elements not shown in the post -->
                  <login-module code="com.MyLoginModule" flag="sufficient">
                      <module-option name="silentFail" value="true"/>
                  </login-module>
              </security-domain>