3 Replies Latest reply on Oct 8, 2016 8:56 AM by jaikiran

    Having a problem with Wildfly 10.1 JSESSIONIDSSOs

    mark.wardell

      Hello,

       

      I'm seeing an issue where Wildfly 10.1 is not generating JSESSIONIDSSO cookies.  We also saw the problem on 10.0. Basically after you login, no JSESSIONSSOID cookie is set in the response.  The problem is intermittent with server startup.

       

      I can startup the server, and login and the JSESSIONIDSSO cookie is created.  While the server remains running, the JSESSIONIDSSO cookie is always created on login. But I can also just restart the server, and it can come up in a state where the JSESSIONIDSSO is never created.  Once in this state, the only way to recover and get it working again is to restart the server and hope it ends up in the good state.

       

      There are no changes to the standalone xml file between these restarts.  Just simply rebooting the server anywhere from 10% to 5% of the time it will start in the bad state.  And the only way to recover from the bad state is to restart wildfly.

       

      To help diagnose this I used a ServletExtention to look at each of the deployments when they start.

       

          @Override

          public void handleDeployment(DeploymentInfo deploymentInfo, ServletContext servletContext) {

       

              for (String name : deploymentInfo.getAuthenticationMechanisms().keySet()) {

              log.error("Deployment {} : Loaded AuthenticationMechanism : {}", deploymentInfo.getDeploymentName(), name);

              }

              ...

       

      I wrote a script that loops rebooting wildfly and checking to see if a login would generate a JSESSIONIDSSO.

       

      When I ran this in the first 19 reboot attempts JSESSIONIDSSO was created during logging in, the startup logging  looks like this.  Each deployment got 3 auth mechanisms (SPNEGO, DIGEST and SSO), JSESSIONIDSSOs were being generated properly

       

      2016-09-29 13:40:48,493 ERROR [xxx.xxxx.xxx.wildfly.Registration] (ServerService Thread Pool -- 66) Deployment aaaa.war : Loaded AuthenticationMechanism : SPNEGO

      2016-09-29 13:40:48,493 ERROR [xxx.xxxx.xxx.wildfly.Registration] (ServerService Thread Pool -- 66) Deployment aaaa.war : Loaded AuthenticationMechanism : DIGEST

      2016-09-29 13:40:48,493 ERROR [xxx.xxxx.xxx.wildfly.Registration] (ServerService Thread Pool -- 66) Deployment aaaa.war : Loaded AuthenticationMechanism : SSO

      2016-09-29 13:40:48,497 ERROR [xxx.xxxx.xxx.wildfly.Registration] (ServerService Thread Pool -- 60) Deployment bbbb.war : Loaded AuthenticationMechanism : SPNEGO

      2016-09-29 13:40:48,498 ERROR [xxx.xxxx.xxx.wildfly.Registration] (ServerService Thread Pool -- 60) Deployment bbbb.war : Loaded AuthenticationMechanism : DIGEST

      2016-09-29 13:40:48,499 ERROR [xxx.xxxx.xxx.wildfly.Registration] (ServerService Thread Pool -- 60) Deployment bbbb.war : Loaded AuthenticationMechanism : SSO

      2016-09-29 13:40:48,502 ERROR [xxx.xxxx.xxx.wildfly.Registration] (ServerService Thread Pool -- 67) Deployment cccc.war : Loaded AuthenticationMechanism : SPNEGO

      2016-09-29 13:40:48,502 ERROR [xxx.xxxx.xxx.wildfly.Registration] (ServerService Thread Pool -- 67) Deployment cccc.war : Loaded AuthenticationMechanism : DIGEST

      2016-09-29 13:40:48,502 ERROR [xxx.xxxx.xxx.wildfly.Registration] (ServerService Thread Pool -- 67) Deployment cccc.war : Loaded AuthenticationMechanism : SSO

      2016-09-29 13:40:48,679 ERROR [xxx.xxxx.xxx.wildfly.Registration] (ServerService Thread Pool -- 64) Deployment docs.war : Loaded AuthenticationMechanism : SPNEGO

      2016-09-29 13:40:48,679 ERROR [xxx.xxxx.xxx.wildfly.Registration] (ServerService Thread Pool -- 64) Deployment docs.war : Loaded AuthenticationMechanism : DIGEST

      2016-09-29 13:40:48,679 ERROR [xxx.xxxx.xxx.wildfly.Registration] (ServerService Thread Pool -- 64) Deployment docs.war : Loaded AuthenticationMechanism : SSO

      2016-09-29 13:41:01,099 ERROR [xxx.xxxx.xxx.wildfly.Registration] (ServerService Thread Pool -- 61) Deployment dddd.war : Loaded AuthenticationMechanism : SPNEGO

      2016-09-29 13:41:01,099 ERROR [xxx.xxxx.xxx.wildfly.Registration] (ServerService Thread Pool -- 61) Deployment dddd.war : Loaded AuthenticationMechanism : DIGEST

      2016-09-29 13:41:01,099 ERROR [xxx.xxxx.xxx.wildfly.Registration] (ServerService Thread Pool -- 61) Deployment dddd.war : Loaded AuthenticationMechanism : SSO

       

      When the script detected that wildfly started and didn't issue a JSESSIONIDSSO at login the startup logging looks like this:

       

      2016-09-29 13:42:06,404 ERROR [xxx.xxxx.xxx.wildfly.Registration] (ServerService Thread Pool -- 60) Deployment cccc.war : Loaded AuthenticationMechanism : SPNEGO

      2016-09-29 13:42:06,404 ERROR [xxx.xxxx.xxx.wildfly.Registration] (ServerService Thread Pool -- 60) Deployment cccc.war : Loaded AuthenticationMechanism : DIGEST

      2016-09-29 13:42:06,405 ERROR [xxx.xxxx.xxx.wildfly.Registration] (ServerService Thread Pool -- 67) Deployment aaaa.war : Loaded AuthenticationMechanism : SPNEGO

      2016-09-29 13:42:06,407 ERROR [xxx.xxxx.xxx.wildfly.Registration] (ServerService Thread Pool -- 67) Deployment aaaa.war : Loaded AuthenticationMechanism : DIGEST

      2016-09-29 13:42:06,468 ERROR [xxx.xxxx.xxx.wildfly.Registration] (ServerService Thread Pool -- 66) Deployment docs.war : Loaded AuthenticationMechanism : SPNEGO

      2016-09-29 13:42:06,468 ERROR [xxx.xxxx.xxx.wildfly.Registration] (ServerService Thread Pool -- 66) Deployment docs.war : Loaded AuthenticationMechanism : DIGEST

      2016-09-29 13:42:06,502 ERROR [xxx.xxxx.xxx.wildfly.Registration] (ServerService Thread Pool -- 72) Deployment bbbb.war : Loaded AuthenticationMechanism : SPNEGO

      2016-09-29 13:42:06,502 ERROR [xxx.xxxx.xxx.wildfly.Registration] (ServerService Thread Pool -- 72) Deployment bbbb.war : Loaded AuthenticationMechanism : DIGEST

      2016-09-29 13:42:18,712 ERROR [xxx.xxxx.xxx.wildfly.Registration] (ServerService Thread Pool -- 65) Deployment dddd.war : Loaded AuthenticationMechanism : SPNEGO

      2016-09-29 13:42:18,713 ERROR [xxx.xxxx.xxx.wildfly.Registration] (ServerService Thread Pool -- 65) Deployment dddd.war : Loaded AuthenticationMechanism : DIGEST

      2016-09-29 13:42:18,713 ERROR [xxx.xxxx.xxx.wildfly.Registration] (ServerService Thread Pool -- 65) Deployment dddd.war : Loaded AuthenticationMechanism : SSO

       

      Login is implemented bbbb.war, and the above log shows it didn't get the SSO mechanism, where as one of the later deployments did.  I expect that explains why the JSESSIONIDSSO wasn't being generated.

       

      Could there me some race condition between these wars getting deployed and org.wildfly.extension.undertow.SingleSignOnService setting up the SSO mechanism? If so is there anyway to ensure the SSO mechanism is always available to each deployment on a wildfly 10.1 system?

        • 1. Re: Having a problem with Wildfly 10.1 JSESSIONIDSSOs
          jaikiran

          A quick look at WildFly code does suggest that there might be a missing dependency between the (internal) services. The org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService seems to be missing a (optional) dependency on org.wildfly.extension.undertow.SingleSignOnService. The SingleSignOnService is the one which sets up the SSO auth mechanism as additional supported auth mechanisms.

          I probably won't be able to provide a patch for this soon, but someone from the WildFly dev team might be able to, if you file a JIRA here Agile Board - JBoss Issue Tracker  and point to this thread with the details.

          1 of 1 people found this helpful
          • 2. Re: Having a problem with Wildfly 10.1 JSESSIONIDSSOs
            mark.wardell

            Thanks for your feedback, I created WFLY-7247 to cover this.

             

            Would you know of a workaround I could apply to our code that would make the SSO Auth mechanism get reliably installed in a WF 10.1.0.Final.  Is there some extension point or plugin I could write that could setup this dependency?  Or some other way to ensure the deployments always happen after the SingleSignOnService has setup the mechanism?

             

            Any guidance would be much appreciated

            Mark

            1 of 1 people found this helpful
            • 3. Re: Having a problem with Wildfly 10.1 JSESSIONIDSSOs
              jaikiran

              M Wardell wrote:

               

               

               

              Would you know of a workaround I could apply to our code that would make the SSO Auth mechanism get reliably installed in a WF 10.1.0.Final. Is there some extension point or plugin I could write that could setup this dependency? Or some other way to ensure the deployments always happen after the SingleSignOnService has setup the mechanism?

               

              The only workaround I can think of is, to deploy your deployments after the server has started. I don't know if that's feasible in your setup.

               

              As for a fix, I have sent a pull request to 10.x and master branch, containing a potential fix. If it gets approved after review, it will get merged to the WildFly code. You can test out that change and see if it solves your issue.

               

              [10.x branch] Fix for WFLY-7247 by jaikiran · Pull Request #9260 · wildfly/wildfly · GitHub

              [master] Fix for WFLY-7247 by jaikiran · Pull Request #9261 · wildfly/wildfly · GitHub