0 Replies Latest reply on Oct 14, 2015 10:09 AM by vamshi appala

    JsessionidSSO is set to null in wildfly8.2 cluster setup

    vamshi appala Newbie

      Hi,

      I have setup a cluster with two Nodes[wildfly-8.2.Final] and a Apache Mod cluster acting as Load balancer. On both the servers I have deployed two webapps which are configured to use SSO.

       

       

       

      Here is the scenario where undertow is setting JSessionID to null

      1) Open URL for webapp from browser and authenticate using username and password.  Request hit Node A

      2) Perform some operations on the webpage. In the browser I can see JSESSIONID and JSESSIONIDSSO

      3)Take down nodeA, request is routed to NodeB, and I can see the JSESSIONID and JSESSIONIDSSO are retained

      4)After some time bring back NodeA and take down Node B, request is re-directed to Node A

      5)At this point I can see that JSESSIONID being transferred but JSESSIONIDSSO is set to NULL and I get 403 error

       

      Any suggestion on how to resolve this issue?

       

       

       

      Here is the undertow DUMP

      ----------------------------REQUEST---------------------------

                     URI=/xdm.portal//dispatch

      characterEncoding=null

           contentLength=407

             contentType=[text/x-gwt-rpc; charset=UTF-8]

                  cookie=JSESSIONID=t4qVw8lru6N2kFzripfjTFXD.server-1-vamshi

                  cookie=JSESSIONIDSSO=OwJviw6Ae7cQvDQcKY2fsZKA

                  header=Accept=*/*

                  header=Accept-Language=en-US,en;q=0.8

                  header=X-GWT-Module-Base=http://alh-vaw7-dt.alh.mentorg.com:8081/xdm.portal/portal/

                  header=Accept-Encoding=gzip, deflate

                  header=Origin=http://alh-vaw7-dt.alh.mentorg.com:8081

                  header=User-Agent=Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.101 Safari/537.36

                  header=Connection=keep-alive

                  header=Content-Length=407

                  header=Content-Type=text/x-gwt-rpc; charset=UTF-8

                  header=Cookie=JSESSIONID=t4qVw8lru6N2kFzripfjTFXD.server-1-vamshi; JSESSIONIDSSO=OwJviw6Ae7cQvDQcKY2fsZKA

                  header=Referer=http://alh-vaw7-dt.alh.mentorg.com:8081/xdm.portal/

                  header=X-GWT-Permutation=2EC4A7D9639DBDD568463BEEB3FACF04

                  header=Host=alh-vaw7-dt.alh.mentorg.com:8081

                  locale=[en_US, en]

                  method=POST

                protocol=HTTP/1.1

             queryString=

              remoteAddr=/134.86.109.20:59879

              remoteHost=ALH-VKW7-LT.alh.mentorg.com

                  scheme=http

                    host=alh-vaw7-dt.alh.mentorg.com:8081

              serverPort=8081

      --------------------------RESPONSE--------------------------

           contentLength=5908

             contentType=text/html

                  cookie=JSESSIONID=t4qVw8lru6N2kFzripfjTFXD.server-2; domain=null; path=/xdm.portal

                  cookie=JSESSIONIDSSO=null; domain=alh-vaw7-dt.alh.mentorg.com; path=null

                  header=Expires=0

                  header=Expires=0

                  header=Cache-Control=no-cache, no-store, must-revalidate

                  header=Cache-Control=no-cache, no-store, must-revalidate

                  header=X-Powered-By=Undertow/1

                  header=Set-Cookie=JSESSIONID=t4qVw8lru6N2kFzripfjTFXD.server-2; path=/xdm.portal

                  header=Set-Cookie=JSESSIONIDSSO=null; domain=alh-vaw7-dt.alh.mentorg.com; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:00 GMT

                  header=Server=WildFly/8

                  header=Pragma=no-cache

                  header=Pragma=no-cache

                  header=Date=Wed, 14 Oct 2015 13:49:37 GMT

                  header=Last-Modified=Tue, 13 Oct 2015 15:47:40 GMT

                  header=Content-Type=text/html

                  header=Content-Length=5908

                  status=200

      ==============================================================

       

       

      Below is the configuration I have been using

      standalone-ha.xml

      <server name="default-server">

                      <ajp-listener name="ajp" socket-binding="ajp"/>

                      <http-listener name="default" socket-binding="http" max-header-size="1073741824" max-post-size="1073741824"/>

                      <host name="default-host" alias="localhost">

                          <location name="/" handler="welcome-content"/>

                          <filter-ref name="server-header"/>

                          <filter-ref name="x-powered-by-header"/>

                          <filter-ref name="request-dumper"/>

                          <single-sign-on domain="alh-vaw7-dt.alh.mentorg.com" path="/"/>

                      </host>

                  </server>

       

      <cache-container name="web" default-cache="web-dist" module="org.wildfly.clustering.web.infinispan" aliases="standard-session-cache">

                      <transport  lock-timeout="300000"/>

        <replicated-cache name="repl" batching="true" mode="SYNC" remote-timeout="300000">

                          <state-transfer timeout="300000"/>

                          <file-store/>

                      </replicated-cache>

                     

                      <distributed-cache start="EAGER" name="web-dist" batching="true" mode="SYNC" remote-timeout="300000" owners="2" l1-lifespan="0">

           <!--

           <locking striping="false" acquire-timeout="60000" concurrency-level="3000"/>

        <eviction strategy="LIRS" max-entries="1000"/> -->

                                  <state-transfer timeout="300000"/>

                              <!--<file-store shared="true" preload="true"/> -->

                          <file-store />

                      </distributed-cache>

                  </cache-container>

       

       

      jboss-web.xml

      <?xml version="1.0" encoding="UTF-8"?>

      <jboss-web>

        <security-domain>iS3Login</security-domain>

        <context-root>/xdm.portal</context-root>

       

          <replication-config>

              <replication-trigger>ACCESS</replication-trigger>

              <replication-granularity>SESSION</replication-granularity>            

          </replication-config>

       

       

      </jboss-web>

       

       

      web.xml

      <?xml version="1.0" encoding="UTF-8"?>

      <web-app xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"

        xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"

        version="3.0">

        <distributable/>

        

        <session-config>

        <session-timeout>15</session-timeout>

        </session-config>

        

        <security-constraint>

        <display-name>iS3 Web</display-name>

        <web-resource-collection>

        <web-resource-name>Default access</web-resource-name>

        <url-pattern>/</url-pattern>

        <http-method>GET</http-method>

        <http-method>POST</http-method>

        <http-method>PUT</http-method>

        <http-method>DELETE</http-method>

        <http-method>HEAD</http-method>

        <http-method>OPTIONS</http-method>

        <http-method>TRACE</http-method>

        </web-resource-collection>

        <auth-constraint>

        <description>iS3 Web Auth</description>

        <role-name>User</role-name>

        </auth-constraint>

        </security-constraint>

        <security-constraint>

        <display-name>Not secured</display-name>

        <web-resource-collection>

        <web-resource-name>Free access</web-resource-name>

        <url-pattern>/idm_resources/*</url-pattern>

        <url-pattern>/resources/*</url-pattern>

        </web-resource-collection>

        </security-constraint>

        <login-config>

        <auth-method>FORM</auth-method>

        <realm-name>iS3Login</realm-name>

        <form-login-config>

        <form-login-page>/idm_resources/403.html</form-login-page>

        <form-error-page>/idm_resources/403.html</form-error-page>

        </form-login-config>

        </login-config>

        <security-role>

        <role-name>User</role-name>

        </security-role>

         

      </web-app>