JsessionidSSO is set to null in wildfly8.2 cluster setup
vamshi_appala Oct 14, 2015 10:09 AMHi,
I have set up a cluster with two nodes [wildfly-8.2.Final] and an Apache mod_cluster instance acting as the load balancer. On both servers I have deployed two webapps that are configured to use SSO.
Here is the scenario in which Undertow sets JSESSIONIDSSO to null:
1) Open the webapp URL in a browser and authenticate with username and password. The request hits Node A.
2) Perform some operations on the web page. In the browser I can see both JSESSIONID and JSESSIONIDSSO.
3) Take down Node A. The request is routed to Node B, and I can see that JSESSIONID and JSESSIONIDSSO are retained.
4) After some time, bring Node A back up and take down Node B. The request is redirected to Node A.
5) At this point I can see that JSESSIONID is carried over, but JSESSIONIDSSO is set to null and I get a 403 error.
Any suggestion on how to resolve this issue?
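Here is the Undertow dump (presumably the output of the request-dumper filter referenced in the configuration below; note that it records the session cookies in full):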
----------------------------REQUEST---------------------------
URI=/xdm.portal//dispatch
characterEncoding=null
contentLength=407
contentType=[text/x-gwt-rpc; charset=UTF-8]
cookie=JSESSIONID=t4qVw8lru6N2kFzripfjTFXD.server-1-vamshi
cookie=JSESSIONIDSSO=OwJviw6Ae7cQvDQcKY2fsZKA
header=Accept=*/*
header=Accept-Language=en-US,en;q=0.8
header=X-GWT-Module-Base=http://alh-vaw7-dt.alh.mentorg.com:8081/xdm.portal/portal/
header=Accept-Encoding=gzip, deflate
header=Origin=http://alh-vaw7-dt.alh.mentorg.com:8081
header=User-Agent=Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.101 Safari/537.36
header=Connection=keep-alive
header=Content-Length=407
header=Content-Type=text/x-gwt-rpc; charset=UTF-8
header=Cookie=JSESSIONID=t4qVw8lru6N2kFzripfjTFXD.server-1-vamshi; JSESSIONIDSSO=OwJviw6Ae7cQvDQcKY2fsZKA
header=Referer=http://alh-vaw7-dt.alh.mentorg.com:8081/xdm.portal/
header=X-GWT-Permutation=2EC4A7D9639DBDD568463BEEB3FACF04
header=Host=alh-vaw7-dt.alh.mentorg.com:8081
locale=[en_US, en]
method=POST
protocol=HTTP/1.1
queryString=
remoteAddr=/134.86.109.20:59879
remoteHost=ALH-VKW7-LT.alh.mentorg.com
scheme=http
host=alh-vaw7-dt.alh.mentorg.com:8081
serverPort=8081
--------------------------RESPONSE--------------------------
contentLength=5908
contentType=text/html
cookie=JSESSIONID=t4qVw8lru6N2kFzripfjTFXD.server-2; domain=null; path=/xdm.portal
cookie=JSESSIONIDSSO=null; domain=alh-vaw7-dt.alh.mentorg.com; path=null
header=Expires=0
header=Expires=0
header=Cache-Control=no-cache, no-store, must-revalidate
header=Cache-Control=no-cache, no-store, must-revalidate
header=X-Powered-By=Undertow/1
header=Set-Cookie=JSESSIONID=t4qVw8lru6N2kFzripfjTFXD.server-2; path=/xdm.portal
header=Set-Cookie=JSESSIONIDSSO=null; domain=alh-vaw7-dt.alh.mentorg.com; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:00 GMT
header=Server=WildFly/8
header=Pragma=no-cache
header=Pragma=no-cache
header=Date=Wed, 14 Oct 2015 13:49:37 GMT
header=Last-Modified=Tue, 13 Oct 2015 15:47:40 GMT
header=Content-Type=text/html
header=Content-Length=5908
status=200
==============================================================
Below is the configuration I have been using
standalone-ha.xml
<!-- Undertow server definition: one AJP listener and one HTTP listener in front of a single virtual host. -->
<server name="default-server">
<ajp-listener name="ajp" socket-binding="ajp"/>
<!-- NOTE(review): both limits are 1073741824 bytes (1 GiB). A header limit of that size allows a single
     client to make the server buffer very large request headers; size both values to what the
     application really needs. -->
<http-listener name="default" socket-binding="http" max-header-size="1073741824" max-post-size="1073741824"/>
<host name="default-host" alias="localhost">
<location name="/" handler="welcome-content"/>
<!-- The filter definitions are outside this excerpt. Presumably these two add the Server and X-Powered-By
     response headers, which tell every client which product and major version is running. -->
<filter-ref name="server-header"/>
<filter-ref name="x-powered-by-header"/>
<!-- NOTE(review): if this refers to the request dumping handler, every request and response is written to
     the log, Cookie and Set-Cookie values included, so the log then holds usable session identifiers.
     Enable it for troubleshooting only and restrict access to the log file. -->
<filter-ref name="request-dumper"/>
<!-- Single sign-on for the applications on this host; only the cookie domain and path are set.
     NOTE(review): no http-only or secure attribute is given, so confirm whether the SSO cookie should
     carry those flags (secure is only usable once the site is served over HTTPS). -->
<single-sign-on domain="alh-vaw7-dt.alh.mentorg.com" path="/"/>
</host>
</server>
<!-- Infinispan cache container "web" (alias standard-session-cache); its default cache is web-dist. -->
<cache-container name="web" default-cache="web-dist" module="org.wildfly.clustering.web.infinispan" aliases="standard-session-cache">
<transport lock-timeout="300000"/>
<!-- Replicated cache "repl": synchronous mode with batching, backed by a file store. -->
<replicated-cache name="repl" batching="true" mode="SYNC" remote-timeout="300000">
<state-transfer timeout="300000"/>
<file-store/>
</replicated-cache>
<!-- Distributed cache "web-dist": synchronous mode with batching, two owners per entry, L1 lifespan 0,
     started eagerly. Locking and eviction tuning is commented out below. -->
<distributed-cache start="EAGER" name="web-dist" batching="true" mode="SYNC" remote-timeout="300000" owners="2" l1-lifespan="0">
<!--
<locking striping="false" acquire-timeout="60000" concurrency-level="3000"/>
<eviction strategy="LIRS" max-entries="1000"/> -->
<state-transfer timeout="300000"/>
<!--<file-store shared="true" preload="true"/> -->
<!-- NOTE(review): the active file-store sets neither shared nor preload (that variant is commented out
     above). A file store writes cache entries to local disk; as this container presumably backs web
     sessions, keep the store directory readable by the server account only.
     TODO confirm which cache, if any, holds the single sign-on entries on this server version. -->
<file-store />
</distributed-cache>
</cache-container>
jboss-web.xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- JBoss-specific deployment descriptor for the web application served under /xdm.portal. -->
<jboss-web>
<!-- Security domain the application authenticates against; its definition is not part of this excerpt. -->
<security-domain>iS3Login</security-domain>
<context-root>/xdm.portal</context-root>
<!-- Session replication settings: trigger ACCESS, granularity SESSION.
     NOTE(review): presumably "replicate on every access, whole session at a time"; confirm that this
     server version still honours replication-config. -->
<replication-config>
<replication-trigger>ACCESS</replication-trigger>
<replication-granularity>SESSION</replication-granularity>
</replication-config>
</jboss-web>
web.xml
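<?xml version="1.0" encoding="UTF-8"?>
<!-- Servlet 3.0 deployment descriptor: distributable application, FORM authentication against the
     iS3Login realm, everything protected for role User except the two static resource trees. -->
<web-app xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
         version="3.0">

  <!-- Marks the application as eligible for session replication across the cluster. -->
  <distributable/>

  <!-- Idle sessions expire after 15 minutes. -->
  <session-config>
    <session-timeout>15</session-timeout>
  </session-config>

  <!-- Protected area: requires role User.
       NOTE(review): neither constraint declares a user-data-constraint, so credentials and session
       cookies are not required to travel over TLS; add a CONFIDENTIAL transport-guarantee once an HTTPS
       listener is available. -->
  <security-constraint>
    <display-name>iS3 Web</display-name>
    <web-resource-collection>
      <web-resource-name>Default access</web-resource-name>
      <url-pattern>/</url-pattern>
      <!-- No http-method elements on purpose. A collection that enumerates methods leaves every method
           it does not name outside the constraint, so such requests would not be subject to the
           auth-constraint. Without the list the constraint applies to all methods, including the seven
           (GET, POST, PUT, DELETE, HEAD, OPTIONS, TRACE) that were enumerated before. -->
    </web-resource-collection>
    <auth-constraint>
      <description>iS3 Web Auth</description>
      <role-name>User</role-name>
    </auth-constraint>
  </security-constraint>

  <!-- Public area: no auth-constraint, so these two resource trees are served without authentication.
       Keep only static, non-sensitive content under them. -->
  <security-constraint>
    <display-name>Not secured</display-name>
    <web-resource-collection>
      <web-resource-name>Free access</web-resource-name>
      <url-pattern>/idm_resources/*</url-pattern>
      <url-pattern>/resources/*</url-pattern>
    </web-resource-collection>
  </security-constraint>

  <!-- FORM authentication. Both the login page and the error page point at 403.html, so an
       unauthenticated request to a protected URL is answered with that page rather than a login form. -->
  <login-config>
    <auth-method>FORM</auth-method>
    <realm-name>iS3Login</realm-name>
    <form-login-config>
      <form-login-page>/idm_resources/403.html</form-login-page>
      <form-error-page>/idm_resources/403.html</form-error-page>
    </form-login-config>
  </login-config>

  <security-role>
    <role-name>User</role-name>
  </security-role>
</web-app>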