On Fri, Aug 8, 2014 at 3:43 AM, <[email protected]> wrote: > > Dear Jonathan : > > Thanks, your suggestion! > > Problem Description : > I adapted our system to CAS. On simple environment(standalone), this > CASTGC cookie always ok at my browser client. > But, when I migrated system to complex environment(haproxy+cluster). > my browser always could not found this CASTGC cookie. > So, I open HAProxy debug mode and review output log. This CASTGC > cookie had arrived to HAProxy, but can't to my browser. > For this problem, I don't know how to solve it. Could you help me, > thanks! > > 1. Below, I redraw my architecture by ascii format. > +-------+ > +---> | WEB01 | <---+ > | +-------+ | > +---------+ +---------+ | | > +------------+ > | Browser | <-------> | HAProxy | <---+ +---> | CAS > Server | > +---------+ +---------+ | | > +------------+ > | +-------+ | > +---> | WEB02 | <---+ > +-------+ > > 2. I put whole HAProxy configure: > listen tda_web_http 0.0.0.0:80 > mode http > reqadd X-Forwarded-Proto:\ http > option tcpka > no option http-server-close > stats enable > stats refresh 10s > stats uri /status > stats realm Haproxy\ statistics > log global > timeout server 10m > timeout client 10m > balance source > cookie JSESSIONID prefix > cookie CASTGC indirect preserve secure > capture cookie CASTGC len 63 > option httpclose > option forwardfor > option httplog > server web01 10.10.0.1:8080 cookie web01 weight 50 check > inter 4000 > server web02 10.10.0.2:8080 cookie web02 weight 50 check > inter 4000 > > 3. Below is our HAProxy's partial debug log : > 73/0/1/182/256 302 656 - > CASTGC=TGT-98-ADcUE6hsd5zyppApgu76EkEfscDupu9OGFazAMAy9bZPKXGnC --NP > 0/0/0/0/0 0/0 "POST > /TdaJSFWeb/login?service=http://tdatwo.kh.asegroup.com/TdaJSFWeb/welcome.ase > HTTP/1.1" > 73/0/1/182/256 302 656 - > CASTGC=TGT-98-ADcUE6hsd5zyppApgu76EkEfscDupu9OGFazAMAy9bZPKXGnC --NP > 0/0/0/0/0 0/0 "POST > /TdaJSFWeb/login?service=http://tdatwo.kh.asegroup.com/TdaJSFWeb/welcome.ase > HTTP/1.1" > 74/0/0/19/93 302 199 - - --NN 0/0/0/0/0 0/0 "GET > /TdaJSFWeb/welcome.ase?ticket=ST-98-w67V0Y3G6Z2yEQwPk0zt-khtrdsso01.kh.asegroup.com > HTTP/1.1" > > ------------------------------------------------------------------------------------- > Samuel Liang > Advanced Semiconductor Engineering Group > Tel : 886-7-3636641 # 84508 .Fax : 886-7-3636663 > Email Address : [email protected] > ------------------------------------------------------------------------------------- > 2014/08/08
Hi Samuel, Could you please enable logging of response Location and Set-Cookie headers, then play again your test and share the new log lines with us? Add: capture response header Location len 64 capture response header Set-Cookie len 128 Baptiste
