2 Replies Latest reply on Oct 8, 2015 2:33 PM by vamshi appala

    Wildfly8.2 SSO Cluster replication

    vamshi appala Newbie

      Hello,

      I have setup an Wildfly cluster with two instances and with Apache Mod cluster acting as load balancer. I have deployed same applications on both the cluster Nodes. Our webapps have been configured to Use Web SSO.

       

      Here is the scenario where I am seeing issues

      1) Login to Web Application, load balancer choose one particular server [ Server A]

      2) Logged in, I can see JSessionID and JSessionIDSSO

      3)Now I shut down the Server A after some activity

      4)Load Balancer is automatically re-directing the request to Server B

      5)When I look at  the browser Cookies I see JSessionIDSSO is set to NULL and my apps doesnt work properly because of missing SSO token

       

      Here is my Wildfly Configuration

       

      <subsystem xmlns="urn:jboss:domain:undertow:1.2" instance-id="${jboss.node.name}">

                  <buffer-cache name="default"/>

                  <server name="default-server">

                      <ajp-listener name="ajp" socket-binding="ajp"/>

                      <http-listener name="default" socket-binding="http" max-header-size="1073741824" max-post-size="1073741824"/>

                      <host name="default-host" alias="localhost">

                          <location name="/" handler="welcome-content"/>

                          <filter-ref name="server-header"/>

                          <filter-ref name="x-powered-by-header"/>

                          <single-sign-on path="/"/>

                      </host>

                  </server>

                  <servlet-container name="default">

                      <jsp-config/>

                      <websockets/>

                  </servlet-container>

                  <handlers>

                      <file name="welcome-content" path="${jboss.home.dir}/welcome-content"/>

                  </handlers>

                  <filters>

                      <response-header name="server-header" header-name="Server" header-value="WildFly/8"/>

                      <response-header name="x-powered-by-header" header-name="X-Powered-By" header-value="Undertow/1"/>

                  </filters>

              </subsystem>

       

       

       

      <subsystem xmlns="urn:jboss:domain:infinispan:2.0">

                  <cache-container name="server" default-cache="default" module="org.wildfly.clustering.server" aliases="singleton cluster">

                      <transport lock-timeout="60000"/>

                      <replicated-cache name="default" batching="true" mode="SYNC">

                          <locking isolation="REPEATABLE_READ"/>

                      </replicated-cache>

                  </cache-container>

                  <cache-container name="web" default-cache="repl" module="org.wildfly.clustering.web.infinispan" aliases="standard-session-cache">

                      <transport lock-timeout="60000"/>

                      <replicated-cache name="repl" batching="true" mode="ASYNC">

                          <file-store/>

                      </replicated-cache>

                      <replicated-cache name="sso" batching="true" mode="SYNC"/>

                      <distributed-cache name="dist" batching="true" mode="ASYNC" l1-lifespan="0">

                          <file-store/>

                      </distributed-cache>

                  </cache-container>

       

      Following are the configuration options I have defined in web.xml and jboss-web.xml

       

      Web.xml

      <?xml version="1.0" encoding="UTF-8"?>

      <web-app xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"

        xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"

        version="3.0">

        <distributable/>

         

      </web-app>

       

      jboss-web.xml

      <?xml version="1.0" encoding="UTF-8"?>

      <jboss-web>

        <security-domain>Login</security-domain>

        <context-root>/portal</context-root>

       

          <replication-config>

              <replication-trigger>SET_AND_NON_PRIMITIVE_GET</replication-trigger>

              <replication-granularity>SESSION</replication-granularity>      

          </replication-config>

       

       

      </jboss-web>

        • 1. Re: Wildfly8.2 SSO Cluster replication
          Paul Ferraro Master

          There have been many fixes to SSO since WildFly 8.2.  Are you able to reproduce the issue with WF9? or better yet, the latest WF10 CR?

           

          Also, as of WF8, <replication-trigger/> is ignored and can be omitted.

          • 2. Re: Wildfly8.2 SSO Cluster replication
            vamshi appala Newbie

            All our application logic is ported to wildfy 8.2 and we not targeting to move to WF 9 until another 6 months. Is there way we can patch WF 8 with the SSO changes

             

            Here is the Undertow dump when Server A dies and request reaches another Server. Undertow is setting JSessionIDSSO to null. Is there a way to look at logs to determine if replication of SSO is happening.  In Jboss AS7 we used to set reauthenticate=false and define the cache name, How can we set this in WF8.2, Does SSO information replicates in cluster setup.

             

            2015-10-08 10:24:32,465 INFO  [io.undertow.request.dump] (default task-1)

            ----------------------------REQUEST---------------------------

                           URI=/xdm.portal//dispatch

            characterEncoding=null

                 contentLength=407

                   contentType=[text/x-gwt-rpc; charset=UTF-8]

                        cookie=JSESSIONID=sOsjxrMMnVp_weaq4bejTyuf.server-2

                        cookie=JSESSIONIDSSO=eAISUoAvT9bQ80Ooy2df-Clz

                        header=Accept=*/*

                        header=Accept-Language=en-US,en;q=0.8

                        header=X-GWT-Module-Base=http://alh-vaw7-dt.alh.mentorg.com:8081/xdm.portal/portal/

                        header=Accept-Encoding=gzip, deflate

                        header=Origin=http://alh-vaw7-dt.alh.mentorg.com:8081

                        header=User-Agent=Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.101 Safari/537.36

                        header=Connection=keep-alive

                        header=Content-Length=407

                        header=Content-Type=text/x-gwt-rpc; charset=UTF-8

                        header=Cookie=JSESSIONID=sOsjxrMMnVp_weaq4bejTyuf.server-2; JSESSIONIDSSO=eAISUoAvT9bQ80Ooy2df-Clz

                        header=Referer=http://alh-vaw7-dt.alh.mentorg.com:8081/xdm.portal/

                        header=X-GWT-Permutation=88FC5070399F38AB90510147330FE6F0

                        header=Host=alh-vaw7-dt.alh.mentorg.com:8081

                        locale=[en_US, en]

                        method=POST

                      protocol=HTTP/1.1

                   queryString=

                    remoteAddr=/134.86.109.20:61211

                    remoteHost=ALH-VKW7-LT.alh.mentorg.com

                        scheme=http

                          host=alh-vaw7-dt.alh.mentorg.com:8081

                    serverPort=8081

            --------------------------RESPONSE--------------------------

                 contentLength=5908

                   contentType=text/html

                        cookie=JSESSIONID=LmfAPOwT-RCAY-moGyEsNsr_.server-1-vamshi; domain=null; path=/xdm.portal

                        cookie=JSESSIONIDSSO=null; domain=null; path=null

                        header=Expires=0

                        header=Expires=0

                        header=Cache-Control=no-cache, no-store, must-revalidate

                        header=Cache-Control=no-cache, no-store, must-revalidate

                        header=X-Powered-By=Undertow/1

                        header=Set-Cookie=JSESSIONID=LmfAPOwT-RCAY-moGyEsNsr_.server-1-vamshi; path=/xdm.portal

                        header=Set-Cookie=JSESSIONIDSSO=null; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:00 GMT

                        header=Server=WildFly/8

                        header=Pragma=no-cache

                        header=Pragma=no-cache

                        header=Date=Thu, 08 Oct 2015 15:24:32 GMT

                        header=Last-Modified=Tue, 06 Oct 2015 19:02:48 GMT

                        header=Content-Type=text/html

                        header=Content-Length=5908

                        status=200

            ==============================================================