3 Replies Latest reply on Mar 17, 2017 1:06 AM by Pradhap Rajamani

    Issue with picketlink IDP in jboss eap 6.1.0 clustered environment

    Pradhap Rajamani (Newbie)

      Hi All,


      I have a JBoss server which is working in a master/slave configuration with a load balancer in mod_cluster configuration. Both sticky sessions and session replication are enabled. When I configure the PicketLink IDP in this environment I'm getting a strange issue. The SAML token generated in my IDP is getting expired very early even though my session is alive, so when I'm trying to redirect from one SP to another I'm getting redirected to the login page of my IDP. I have given the token timeout as 1800000 ms (30 min), but it is getting expired very early.


      After debugging my issue I found that after a successful login a session is getting created on one server (assume it is server 1) of my clustered IDP JBoss servers. I got redirected to one SP; now when I try to redirect to another SP, that SP in turn will send a request to the IDP to check for any existing SAML token. Here, if this request goes to server 1 of my IDP, things are working fine and I get redirected to the homepage of my second SP. But if that request goes to another server (assume server 2), though the session is getting replicated between servers, I'm getting redirected to the login page of my IDP.


      Here my problem is that the SAML token generated in my IDP is not getting shared between my clustered JBoss servers even though session replication is enabled.


      One more thing here is that the same set of IDP and SP configuration is working fine on my local, i.e., in a non-clustered environment of JBoss which is running in standalone mode.


      Can anyone please help me in resolving this issue? I have been surfing the internet for this issue for more than three weeks and am still unable to find a solution.


      My JBoss server is EAP 6.1.0 and the version of PicketLink I'm using is 2.7.1 Final.
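One diagnostic worth running on the SAMLResponse the IDP issues, added here as an example and not part of the original post or of PicketLink's own code: base64-decode the response, read the assertion's Conditions window (NotBefore / NotOnOrAfter) and compare its lifetime with the configured timeout. If NotOnOrAfter is still in the future at the moment the second node sends the user back to the login page, the rejection is not a real expiry but a lookup that failed on that node; if the window is much shorter than the configured 1800000 ms, the timeout setting is not the one being applied. The XML, timestamps, issuer URL and IDs below are constructed for the example.

```python
import base64
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

# Standard SAML 2.0 namespaces used by the XPath lookups below.
SAML_NS = {
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
}

# Constructed sample: a minimal SAMLResponse carrying one assertion whose
# Conditions window is exactly 30 minutes (1800000 ms). Issuer and IDs are
# placeholders, not values from any real deployment.
SAMPLE_XML = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_constructed-response-1" Version="2.0" IssueInstant="2017-03-17T00:36:00Z">
  <saml:Issuer>http://idp.example.test/idp/</saml:Issuer>
  <saml:Assertion ID="_constructed-assertion-1" Version="2.0" IssueInstant="2017-03-17T00:36:00Z">
    <saml:Issuer>http://idp.example.test/idp/</saml:Issuer>
    <saml:Conditions NotBefore="2017-03-17T00:36:00Z" NotOnOrAfter="2017-03-17T01:06:00Z"/>
  </saml:Assertion>
</samlp:Response>"""
SAMPLE_RESPONSE_B64 = base64.b64encode(SAMPLE_XML.encode("utf-8")).decode("ascii")


def parse_saml_time(value):
    """Parse an xsd:dateTime in UTC ('...Z'), with or without fractional seconds."""
    value = value.rstrip("Z")
    fmt = "%Y-%m-%dT%H:%M:%S.%f" if "." in value else "%Y-%m-%dT%H:%M:%S"
    return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)


def assertion_window(saml_response_b64):
    """Return (NotBefore, NotOnOrAfter) of the first assertion's Conditions element."""
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    cond = root.find(".//saml:Assertion/saml:Conditions", SAML_NS)
    if cond is None:
        raise ValueError("SAMLResponse contains no Assertion/Conditions element")
    return parse_saml_time(cond.get("NotBefore")), parse_saml_time(cond.get("NotOnOrAfter"))


def check_assertion(saml_response_b64, now, configured_timeout_ms):
    """Compare the assertion's validity window against 'now' and the configured timeout."""
    not_before, not_on_or_after = assertion_window(saml_response_b64)
    lifetime = not_on_or_after - not_before
    return {
        # True when the assertion is inside its own window at 'now'; a login
        # redirect while this is True points at missing state, not expiry.
        "valid_now": not_before <= now < not_on_or_after,
        "lifetime_seconds": int(lifetime.total_seconds()),
        # False when the issued window does not match the timeout you configured.
        "matches_configured_timeout": lifetime == timedelta(milliseconds=configured_timeout_ms),
        "seconds_remaining": int((not_on_or_after - now).total_seconds()),
    }


def run_sample(now_iso="2017-03-17T00:50:00Z", configured_timeout_ms=1800000):
    """Run the check on the constructed sample at a chosen (constructed) clock reading."""
    return check_assertion(SAMPLE_RESPONSE_B64, parse_saml_time(now_iso), configured_timeout_ms)


if __name__ == "__main__":
    # Clock reading 14 minutes into the window: still valid, 960 s remaining.
    print(run_sample())
    # Clock reading 4 minutes past NotOnOrAfter: a genuine expiry.
    print(run_sample("2017-03-17T01:10:00Z"))
```

Run the check with the clock of the node that rejected the request, not the node that issued the assertion: if the two nodes disagree on the time, an assertion that is valid on server 1 can already appear expired on server 2, which is a different fault from the replication problem described above and is worth ruling out first.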