0 Replies Latest reply on Oct 14, 2015 10:09 AM by vamshi_appala

JsessionidSSO is set to null in wildfly8.2 cluster setup

vamshi_appala Oct 14, 2015 10:09 AM

Hi,

I have setup a cluster with two Nodes[wildfly-8.2.Final] and a Apache Mod cluster acting as Load balancer. On both the servers I have deployed two webapps which are configured to use SSO.

Here is the scenario where undertow is setting JSessionID to null

1) Open URL for webapp from browser and authenticate using username and password. Request hit Node A

2) Perform some operations on the webpage. In the browser I can see JSESSIONID and JSESSIONIDSSO

3)Take down nodeA, request is routed to NodeB, and I can see the JSESSIONID and JSESSIONIDSSO are retained

4)After some time bring back NodeA and take down Node B, request is re-directed to Node A

5)At this point I can see that JSESSIONID being transferred but JSESSIONIDSSO is set to NULL and I get 403 error

Any suggestion on how to resolve this issue?

Here is the undertow DUMP

----------------------------REQUEST---------------------------

URI=/xdm.portal//dispatch

characterEncoding=null

contentLength=407

contentType=[text/x-gwt-rpc; charset=UTF-8]

cookie=JSESSIONID=t4qVw8lru6N2kFzripfjTFXD.server-1-vamshi

cookie=JSESSIONIDSSO=OwJviw6Ae7cQvDQcKY2fsZKA

header=Accept=*/*

header=Accept-Language=en-US,en;q=0.8

header=X-GWT-Module-Base=http://alh-vaw7-dt.alh.mentorg.com:8081/xdm.portal/portal/

header=Accept-Encoding=gzip, deflate

header=Origin=http://alh-vaw7-dt.alh.mentorg.com:8081

header=User-Agent=Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.101 Safari/537.36

header=Connection=keep-alive

header=Content-Length=407

header=Content-Type=text/x-gwt-rpc; charset=UTF-8

header=Cookie=JSESSIONID=t4qVw8lru6N2kFzripfjTFXD.server-1-vamshi; JSESSIONIDSSO=OwJviw6Ae7cQvDQcKY2fsZKA

header=Referer=http://alh-vaw7-dt.alh.mentorg.com:8081/xdm.portal/

header=X-GWT-Permutation=2EC4A7D9639DBDD568463BEEB3FACF04

header=Host=alh-vaw7-dt.alh.mentorg.com:8081

locale=[en_US, en]

method=POST

protocol=HTTP/1.1

queryString=

remoteAddr=/134.86.109.20:59879

remoteHost=ALH-VKW7-LT.alh.mentorg.com

scheme=http

host=alh-vaw7-dt.alh.mentorg.com:8081

serverPort=8081

--------------------------RESPONSE--------------------------

contentLength=5908

contentType=text/html

cookie=JSESSIONID=t4qVw8lru6N2kFzripfjTFXD.server-2; domain=null; path=/xdm.portal

cookie=JSESSIONIDSSO=null; domain=alh-vaw7-dt.alh.mentorg.com; path=null

header=Expires=0

header=Cache-Control=no-cache, no-store, must-revalidate

header=X-Powered-By=Undertow/1

header=Set-Cookie=JSESSIONID=t4qVw8lru6N2kFzripfjTFXD.server-2; path=/xdm.portal

header=Set-Cookie=JSESSIONIDSSO=null; domain=alh-vaw7-dt.alh.mentorg.com; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:00 GMT

header=Server=WildFly/8

header=Pragma=no-cache

header=Date=Wed, 14 Oct 2015 13:49:37 GMT

header=Last-Modified=Tue, 13 Oct 2015 15:47:40 GMT

header=Content-Type=text/html

header=Content-Length=5908

status=200

==============================================================

Below is the configuration I have been using

standalone-ha.xml

<ajp-listener name="ajp" socket-binding="ajp"/>

<http-listener name="default" socket-binding="http" max-header-size="1073741824" max-post-size="1073741824"/>

<filter-ref name="server-header"/>

<filter-ref name="x-powered-by-header"/>

<filter-ref name="request-dumper"/>

<single-sign-on domain="alh-vaw7-dt.alh.mentorg.com" path="/"/>

</host>

</server>

<cache-container name="web" default-cache="web-dist" module="org.wildfly.clustering.web.infinispan" aliases="standard-session-cache">

<replicated-cache name="repl" batching="true" mode="SYNC" remote-timeout="300000">

<state-transfer timeout="300000"/>

<file-store/>

</replicated-cache>

<distributed-cache start="EAGER" name="web-dist" batching="true" mode="SYNC" remote-timeout="300000" owners="2" l1-lifespan="0">

<!--

<state-transfer timeout="300000"/>

<file-store />

</distributed-cache>

</cache-container>

jboss-web.xml

<?xml version="1.0" encoding="UTF-8"?>

<jboss-web>

<security-domain>iS3Login</security-domain>

<context-root>/xdm.portal</context-root>

<replication-config>

<replication-trigger>ACCESS</replication-trigger>

<replication-granularity>SESSION</replication-granularity>

</replication-config>

</jboss-web>

web.xml

<?xml version="1.0" encoding="UTF-8"?>

<web-app xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"

xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"

version="3.0">

<session-config>

<session-timeout>15</session-timeout>

</session-config>

<security-constraint>

<display-name>iS3 Web</display-name>

<web-resource-collection>

<web-resource-name>Default access</web-resource-name>

<url-pattern>/</url-pattern>

<http-method>GET</http-method>

<http-method>POST</http-method>

<http-method>PUT</http-method>

<http-method>DELETE</http-method>

<http-method>HEAD</http-method>

<http-method>OPTIONS</http-method>

<http-method>TRACE</http-method>

</web-resource-collection>

<auth-constraint>

<role-name>User</role-name>

</auth-constraint>

</security-constraint>

<security-constraint>

<display-name>Not secured</display-name>

<web-resource-collection>

<web-resource-name>Free access</web-resource-name>

<url-pattern>/idm_resources/*</url-pattern>

<url-pattern>/resources/*</url-pattern>

</web-resource-collection>

</security-constraint>

<login-config>

<auth-method>FORM</auth-method>

<realm-name>iS3Login</realm-name>

<form-login-config>

<form-login-page>/idm_resources/403.html</form-login-page>

<form-error-page>/idm_resources/403.html</form-error-page>

</form-login-config>

</login-config>

<security-role>

<role-name>User</role-name>

</security-role>

</web-app>