Re: SSO session replication within TC 5.5.23 cluster
you sure can, there is a single sign on valve, you would have to change
the code for that one
filip
ROOKIE wrote:
Hi Filip,
I had posted earlier and u had confirmed that SSO replication is not complete.
I would like to know if there is a way by which I can edit the SSO cookie generated by tomcat to also contain jvmRoute (mentioned in Engine node in server.xml) so that my load balancer rewrites my SSO sessions directly to the correct cluster member.
Thanks,
Vinod
- Original Message
From: Filip Hanik - Dev Lists <[EMAIL PROTECTED]>
To: Tomcat Users List
Sent: Tuesday, August 7, 2007 9:40:04 PM
Subject: Re: SSO session replication within TC 5.5.23 cluster
I'm not sure the replicated SSO cookie implementation ever was
completed, I think it was abandoned before it reached a functional stage
Filip
ROOKIE wrote:
Hi,
I have a problem with tomcat cluster + mod_proxy load balancer :
We have a main app which authenticate itself to a webapp and from this app one
can launch embedded apps which use the SSO cookie to access other webapps on
the server (Single-Sign-On for the user).
Things are working perfectly for the normal cookie but not for the sso cookie.
The problem I have is that tomcat does not replicate SSO sessions so when these embedded apps route through the load balancer we get 401s on all the other cluster members except the one which actually generated the SSO cookie.
I wanted to know if we can edit the SSO cookie generated by tomcat to also
contain the jvmRoute parameter so that the load balancer directly goes to the
correct cluster member.
I tried doing this in my code by fetching the SSO cookie and appending to it
the jvmRoute as follows :
HttpServletRequest request =
(HttpServletRequest)Security.getContext(HttpServletRequest.class);
HttpServletResponse response =
(HttpServletResponse)Security.getContext(HttpServletResponse.class);
if(request != null) {
String jvmRoute = "Vinod_Cluster_1";// as mentioned in
server.xml
Cookie[] cookies = request.getCookies();
for(int nc=0; cookies != null && nc < cookies.length; nc++) {
if(_SESSION_COOKIE_NAME.equals(cookies[nc].getName())) {
_sessionId = cookies[nc].getValue();
}
else
if(_SSO_SESSION_COOKIE_NAME.equals(cookies[nc].getName())) {
_ssoSessionId = cookies[nc].getValue();
if (!_ssoSessionId.contains("." + jvmRoute)) {
_ssoSessionId += "." + jvmRoute;
response.addCookie(new Cookie(_SSO_SESSION_COOKIE_NAME, _ssoSessionId));
}
}
But after this I started getting 401s from even the correct cluster member. My guess is addCookie doesnt update the cookie in tomcat's cache which is reasonable.
Other thought was to edit tomcat's sso cookie generation code to append the
jvmRoute to the sso cookie.
Is there an better way to achieve this in my code base ?
Thanks In Advance,
Vinod
- Original Message
From: Filip Hanik - Dev Lists <[EMAIL PROTECTED]>
To: Tomcat Users List
Sent: Wednesday, May 30, 2007 2:49:59 PM
Subject: Re: SSO session replication within TC 5.5.23 cluster
It was contributed but never completed, so it is not working properly
Filip
ROOKIE wrote:
Hi,
Can someone please clarify if tomcat 5.5 supports replication of single-sign-on
sessions across cluster members, if so how to configure it ?
Thanks,
Vinod
- Original Message
From: ROOKIE <[EMAIL PROTECTED]>
To: users@tomcat.apache.org
Sent: Tuesday, May 29, 2007 5:20:03 PM
Subject: SSO session replication within TC 5.5.23 cluster
Hi,
I have created a simple TCP cluster of 2 TC 5.5.23 servers and added a Apache
2.2 (mod_proxy) load balancer in front. Our tomcat has SSO valve enabled.
I wanted to know if TC 5.5.23 supports SSO session replication ?
Googling tells me that a patch was submitted for this,
http://fabien.carrion.free.fr/TomcatCluster.html and even the
catalina-cluster.jar has the ClusterSingleSignOn valve. But TC mailing lists
suggest that the support is still not complete.
In any case I have not been able to get it working.
Whenever I use the SSO cookie for authentication I get 401 from all the other cluster members (except the one who generated the SSO session id).
The requested resource is protected and the UserPrincipal found in the
HttpRequest by the other cluster members is null. I use a customized NTLM
authenticator which expects a non-null UserPrincipal in the HttpRequest if user
is already authenticated.
Following is my cluster node in server.xml (embedded in Host node) :
className="org.apache.catalina.cluster.mcast.McastService"
Re: SSO session replication within TC 5.5.23 cluster
Hi Filip,
I had posted earlier and u had confirmed that SSO replication is not complete.
I would like to know if there is a way by which I can edit the SSO cookie
generated by tomcat to also contain jvmRoute (mentioned in Engine node in
server.xml) so that my load balancer rewrites my SSO sessions directly to the
correct cluster member.
Thanks,
Vinod
- Original Message
From: Filip Hanik - Dev Lists <[EMAIL PROTECTED]>
To: Tomcat Users List
Sent: Tuesday, August 7, 2007 9:40:04 PM
Subject: Re: SSO session replication within TC 5.5.23 cluster
I'm not sure the replicated SSO cookie implementation ever was
completed, I think it was abandoned before it reached a functional stage
Filip
ROOKIE wrote:
> Hi,
> I have a problem with tomcat cluster + mod_proxy load balancer :
>
> We have a main app which authenticate itself to a webapp and from this app
> one can launch embedded apps which use the SSO cookie to access other webapps
> on the server (Single-Sign-On for the user).
>
> Things are working perfectly for the normal cookie but not for the sso cookie.
>
> The problem I have is that tomcat does not replicate SSO sessions so when
> these embedded apps route through the load balancer we get 401s on all the
> other cluster members except the one which actually generated the SSO cookie.
>
> I wanted to know if we can edit the SSO cookie generated by tomcat to also
> contain the jvmRoute parameter so that the load balancer directly goes to the
> correct cluster member.
>
>
> I tried doing this in my code by fetching the SSO cookie and appending to it
> the jvmRoute as follows :
>
> HttpServletRequest request =
> (HttpServletRequest)Security.getContext(HttpServletRequest.class);
> HttpServletResponse response =
> (HttpServletResponse)Security.getContext(HttpServletResponse.class);
> if(request != null) {
> String jvmRoute = "Vinod_Cluster_1";// as mentioned in
> server.xml
> Cookie[] cookies = request.getCookies();
> for(int nc=0; cookies != null && nc < cookies.length; nc++) {
> if(_SESSION_COOKIE_NAME.equals(cookies[nc].getName())) {
> _sessionId = cookies[nc].getValue();
> }
> else
> if(_SSO_SESSION_COOKIE_NAME.equals(cookies[nc].getName())) {
> _ssoSessionId = cookies[nc].getValue();
> if (!_ssoSessionId.contains("." + jvmRoute)) {
> _ssoSessionId += "." + jvmRoute;
> response.addCookie(new
> Cookie(_SSO_SESSION_COOKIE_NAME, _ssoSessionId));
> }
>
> }
>
> But after this I started getting 401s from even the correct cluster member.
> My guess is addCookie doesnt update the cookie in tomcat's cache which is
> reasonable.
>
> Other thought was to edit tomcat's sso cookie generation code to append the
> jvmRoute to the sso cookie.
>
> Is there an better way to achieve this in my code base ?
>
> Thanks In Advance,
> Vinod
> - Original Message
> From: Filip Hanik - Dev Lists <[EMAIL PROTECTED]>
> To: Tomcat Users List
> Sent: Wednesday, May 30, 2007 2:49:59 PM
> Subject: Re: SSO session replication within TC 5.5.23 cluster
>
> It was contributed but never completed, so it is not working properly
>
> Filip
>
> ROOKIE wrote:
>
>> Hi,
>> Can someone please clarify if tomcat 5.5 supports replication of
>> single-sign-on sessions across cluster members, if so how to configure it ?
>>
>> Thanks,
>> Vinod
>>
>> - Original Message
>> From: ROOKIE <[EMAIL PROTECTED]>
>> To: users@tomcat.apache.org
>> Sent: Tuesday, May 29, 2007 5:20:03 PM
>> Subject: SSO session replication within TC 5.5.23 cluster
>>
>> Hi,
>>
>> I have created a simple TCP cluster of 2 TC 5.5.23 servers and added a
>> Apache 2.2 (mod_proxy) load balancer in front. Our tomcat has SSO valve
>> enabled.
>>
>> I wanted to know if TC 5.5.23 supports SSO session replication ?
>>
>> Googling tells me that a patch was submitted for this,
>> http://fabien.carrion.free.fr/TomcatCluster.html and even the
>> catalina-cluster.jar has the ClusterSingleSignOn valve. But TC mailing lists
>> suggest that the support is still not complete.
>>
>> In any case I have not been able to get it working.
>>
>> Whenever I use the SSO cookie for authentication I get 401 from all the
>> other cluster members (except the one who generated the
Re: SSO session replication within TC 5.5.23 cluster
I'm not sure the replicated SSO cookie implementation ever was
completed, I think it was abandoned before it reached a functional stage
Filip
ROOKIE wrote:
Hi,
I have a problem with tomcat cluster + mod_proxy load balancer :
We have a main app which authenticate itself to a webapp and from this app one
can launch embedded apps which use the SSO cookie to access other webapps on
the server (Single-Sign-On for the user).
Things are working perfectly for the normal cookie but not for the sso cookie.
The problem I have is that tomcat does not replicate SSO sessions so when these embedded apps route through the load balancer we get 401s on all the other cluster members except the one which actually generated the SSO cookie.
I wanted to know if we can edit the SSO cookie generated by tomcat to also
contain the jvmRoute parameter so that the load balancer directly goes to the
correct cluster member.
I tried doing this in my code by fetching the SSO cookie and appending to it
the jvmRoute as follows :
HttpServletRequest request =
(HttpServletRequest)Security.getContext(HttpServletRequest.class);
HttpServletResponse response =
(HttpServletResponse)Security.getContext(HttpServletResponse.class);
if(request != null) {
String jvmRoute = "Vinod_Cluster_1";// as mentioned in
server.xml
Cookie[] cookies = request.getCookies();
for(int nc=0; cookies != null && nc < cookies.length; nc++) {
if(_SESSION_COOKIE_NAME.equals(cookies[nc].getName())) {
_sessionId = cookies[nc].getValue();
}
else
if(_SSO_SESSION_COOKIE_NAME.equals(cookies[nc].getName())) {
_ssoSessionId = cookies[nc].getValue();
if (!_ssoSessionId.contains("." + jvmRoute)) {
_ssoSessionId += "." + jvmRoute;
response.addCookie(new Cookie(_SSO_SESSION_COOKIE_NAME, _ssoSessionId));
}
}
But after this I started getting 401s from even the correct cluster member. My guess is addCookie doesnt update the cookie in tomcat's cache which is reasonable.
Other thought was to edit tomcat's sso cookie generation code to append the
jvmRoute to the sso cookie.
Is there an better way to achieve this in my code base ?
Thanks In Advance,
Vinod
- Original Message
From: Filip Hanik - Dev Lists <[EMAIL PROTECTED]>
To: Tomcat Users List
Sent: Wednesday, May 30, 2007 2:49:59 PM
Subject: Re: SSO session replication within TC 5.5.23 cluster
It was contributed but never completed, so it is not working properly
Filip
ROOKIE wrote:
Hi,
Can someone please clarify if tomcat 5.5 supports replication of single-sign-on
sessions across cluster members, if so how to configure it ?
Thanks,
Vinod
- Original Message
From: ROOKIE <[EMAIL PROTECTED]>
To: users@tomcat.apache.org
Sent: Tuesday, May 29, 2007 5:20:03 PM
Subject: SSO session replication within TC 5.5.23 cluster
Hi,
I have created a simple TCP cluster of 2 TC 5.5.23 servers and added a Apache
2.2 (mod_proxy) load balancer in front. Our tomcat has SSO valve enabled.
I wanted to know if TC 5.5.23 supports SSO session replication ?
Googling tells me that a patch was submitted for this,
http://fabien.carrion.free.fr/TomcatCluster.html and even the
catalina-cluster.jar has the ClusterSingleSignOn valve. But TC mailing lists
suggest that the support is still not complete.
In any case I have not been able to get it working.
Whenever I use the SSO cookie for authentication I get 401 from all the other cluster members (except the one who generated the SSO session id).
The requested resource is protected and the UserPrincipal found in the
HttpRequest by the other cluster members is null. I use a customized NTLM
authenticator which expects a non-null UserPrincipal in the HttpRequest if user
is already authenticated.
Following is my cluster node in server.xml (embedded in Host node) :
className="org.apache.catalina.cluster.mcast.McastService"
mcastAddr="228.0.0.4"
mcastPort="45564"
mcastFrequency="500"
mcastDropTime="3000"/>
className="org.apache.catalina.cluster.tcp.ReplicationListener"
tcpListenAddress="auto"
tcpListenPort="4002"
tcpSelectorTimeout="100"
tcpThreadCount="4"/>
Any ideas why SSO session replication is not working, is it a configuration
error or does TC 5.5.23 not support this.
TIA,
Vi
Re: SSO session replication within TC 5.5.23 cluster
Hi,
I have a problem with tomcat cluster + mod_proxy load balancer :
We have a main app which authenticate itself to a webapp and from this app one
can launch embedded apps which use the SSO cookie to access other webapps on
the server (Single-Sign-On for the user).
Things are working perfectly for the normal cookie but not for the sso cookie.
The problem I have is that tomcat does not replicate SSO sessions so when these
embedded apps route through the load balancer we get 401s on all the other
cluster members except the one which actually generated the SSO cookie.
I wanted to know if we can edit the SSO cookie generated by tomcat to also
contain the jvmRoute parameter so that the load balancer directly goes to the
correct cluster member.
I tried doing this in my code by fetching the SSO cookie and appending to it
the jvmRoute as follows :
HttpServletRequest request =
(HttpServletRequest)Security.getContext(HttpServletRequest.class);
HttpServletResponse response =
(HttpServletResponse)Security.getContext(HttpServletResponse.class);
if(request != null) {
String jvmRoute = "Vinod_Cluster_1";// as mentioned in
server.xml
Cookie[] cookies = request.getCookies();
for(int nc=0; cookies != null && nc < cookies.length; nc++) {
if(_SESSION_COOKIE_NAME.equals(cookies[nc].getName())) {
_sessionId = cookies[nc].getValue();
}
else
if(_SSO_SESSION_COOKIE_NAME.equals(cookies[nc].getName())) {
_ssoSessionId = cookies[nc].getValue();
if (!_ssoSessionId.contains("." + jvmRoute)) {
_ssoSessionId += "." + jvmRoute;
response.addCookie(new Cookie(_SSO_SESSION_COOKIE_NAME,
_ssoSessionId));
}
}
But after this I started getting 401s from even the correct cluster member. My
guess is addCookie doesnt update the cookie in tomcat's cache which is
reasonable.
Other thought was to edit tomcat's sso cookie generation code to append the
jvmRoute to the sso cookie.
Is there an better way to achieve this in my code base ?
Thanks In Advance,
Vinod
- Original Message
From: Filip Hanik - Dev Lists <[EMAIL PROTECTED]>
To: Tomcat Users List
Sent: Wednesday, May 30, 2007 2:49:59 PM
Subject: Re: SSO session replication within TC 5.5.23 cluster
It was contributed but never completed, so it is not working properly
Filip
ROOKIE wrote:
> Hi,
> Can someone please clarify if tomcat 5.5 supports replication of
> single-sign-on sessions across cluster members, if so how to configure it ?
>
> Thanks,
> Vinod
>
> - Original Message
> From: ROOKIE <[EMAIL PROTECTED]>
> To: users@tomcat.apache.org
> Sent: Tuesday, May 29, 2007 5:20:03 PM
> Subject: SSO session replication within TC 5.5.23 cluster
>
> Hi,
>
> I have created a simple TCP cluster of 2 TC 5.5.23 servers and added a Apache
> 2.2 (mod_proxy) load balancer in front. Our tomcat has SSO valve enabled.
>
> I wanted to know if TC 5.5.23 supports SSO session replication ?
>
> Googling tells me that a patch was submitted for this,
> http://fabien.carrion.free.fr/TomcatCluster.html and even the
> catalina-cluster.jar has the ClusterSingleSignOn valve. But TC mailing lists
> suggest that the support is still not complete.
>
> In any case I have not been able to get it working.
>
> Whenever I use the SSO cookie for authentication I get 401 from all the other
> cluster members (except the one who generated the SSO session id).
>
> The requested resource is protected and the UserPrincipal found in the
> HttpRequest by the other cluster members is null. I use a customized NTLM
> authenticator which expects a non-null UserPrincipal in the HttpRequest if
> user is already authenticated.
>
> Following is my cluster node in server.xml (embedded in Host node) :
>
> clusterName="rooksCluster"
>
> managerClassName="org.apache.catalina.cluster.session.DeltaManager"
> expireSessionsOnShutdown="false"
> useDirtyFlag="true"
> notifyListenersOnReplication="true">
>
>
> className="org.apache.catalina.cluster.mcast.McastService"
> mcastAddr="228.0.0.4"
> mcastPort="45564"
> mcastFrequency="500"
> mcastDropTime="3000"/>
>
>
> className="org.apache.catalina.cluster.tcp.ReplicationListener"
> tcpListenAddress=&qu
Re: SSO session replication within TC 5.5.23 cluster
It was contributed but never completed, so it is not working properly Filip ROOKIE wrote: Hi, Can someone please clarify if tomcat 5.5 supports replication of single-sign-on sessions across cluster members, if so how to configure it ? Thanks, Vinod - Original Message From: ROOKIE <[EMAIL PROTECTED]> To: users@tomcat.apache.org Sent: Tuesday, May 29, 2007 5:20:03 PM Subject: SSO session replication within TC 5.5.23 cluster Hi, I have created a simple TCP cluster of 2 TC 5.5.23 servers and added a Apache 2.2 (mod_proxy) load balancer in front. Our tomcat has SSO valve enabled. I wanted to know if TC 5.5.23 supports SSO session replication ? Googling tells me that a patch was submitted for this, http://fabien.carrion.free.fr/TomcatCluster.html and even the catalina-cluster.jar has the ClusterSingleSignOn valve. But TC mailing lists suggest that the support is still not complete. In any case I have not been able to get it working. Whenever I use the SSO cookie for authentication I get 401 from all the other cluster members (except the one who generated the SSO session id). The requested resource is protected and the UserPrincipal found in the HttpRequest by the other cluster members is null. I use a customized NTLM authenticator which expects a non-null UserPrincipal in the HttpRequest if user is already authenticated. Following is my cluster node in server.xml (embedded in Host node) : className="org.apache.catalina.cluster.mcast.McastService" mcastAddr="228.0.0.4" mcastPort="45564" mcastFrequency="500" mcastDropTime="3000"/> className="org.apache.catalina.cluster.tcp.ReplicationListener" tcpListenAddress="auto" tcpListenPort="4002" tcpSelectorTimeout="100" tcpThreadCount="4"/> Any ideas why SSO session replication is not working, is it a configuration error or does TC 5.5.23 not support this. TIA, Vinod Yahoo! oneSearch: Finally, mobile search that gives answers, not web links. http://mobile.yahoo.com/mobileweb/onesearch?refer=1ONXIC - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Boardwalk for $500? In 2007? Ha! Play Monopoly Here and Now (it's updated for today's economy) at Yahoo! Games. http://get.games.yahoo.com/proddesc?gamekey=monopolyherenow - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: SSO session replication within TC 5.5.23 cluster
Hi, Can someone please clarify if tomcat 5.5 supports replication of single-sign-on sessions across cluster members, if so how to configure it ? Thanks, Vinod - Original Message From: ROOKIE <[EMAIL PROTECTED]> To: users@tomcat.apache.org Sent: Tuesday, May 29, 2007 5:20:03 PM Subject: SSO session replication within TC 5.5.23 cluster Hi, I have created a simple TCP cluster of 2 TC 5.5.23 servers and added a Apache 2.2 (mod_proxy) load balancer in front. Our tomcat has SSO valve enabled. I wanted to know if TC 5.5.23 supports SSO session replication ? Googling tells me that a patch was submitted for this, http://fabien.carrion.free.fr/TomcatCluster.html and even the catalina-cluster.jar has the ClusterSingleSignOn valve. But TC mailing lists suggest that the support is still not complete. In any case I have not been able to get it working. Whenever I use the SSO cookie for authentication I get 401 from all the other cluster members (except the one who generated the SSO session id). The requested resource is protected and the UserPrincipal found in the HttpRequest by the other cluster members is null. I use a customized NTLM authenticator which expects a non-null UserPrincipal in the HttpRequest if user is already authenticated. Following is my cluster node in server.xml (embedded in Host node) : Any ideas why SSO session replication is not working, is it a configuration error or does TC 5.5.23 not support this. TIA, Vinod Yahoo! oneSearch: Finally, mobile search that gives answers, not web links. http://mobile.yahoo.com/mobileweb/onesearch?refer=1ONXIC - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Boardwalk for $500? In 2007? Ha! Play Monopoly Here and Now (it's updated for today's economy) at Yahoo! Games. http://get.games.yahoo.com/proddesc?gamekey=monopolyherenow - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
SSO session replication within TC 5.5.23 cluster
Hi, I have created a simple TCP cluster of 2 TC 5.5.23 servers and added a Apache 2.2 (mod_proxy) load balancer in front. Our tomcat has SSO valve enabled. I wanted to know if TC 5.5.23 supports SSO session replication ? Googling tells me that a patch was submitted for this, http://fabien.carrion.free.fr/TomcatCluster.html and even the catalina-cluster.jar has the ClusterSingleSignOn valve. But TC mailing lists suggest that the support is still not complete. In any case I have not been able to get it working. Whenever I use the SSO cookie for authentication I get 401 from all the other cluster members (except the one who generated the SSO session id). The requested resource is protected and the UserPrincipal found in the HttpRequest by the other cluster members is null. I use a customized NTLM authenticator which expects a non-null UserPrincipal in the HttpRequest if user is already authenticated. Following is my cluster node in server.xml (embedded in Host node) : Any ideas why SSO session replication is not working, is it a configuration error or does TC 5.5.23 not support this. TIA, Vinod Yahoo! oneSearch: Finally, mobile search that gives answers, not web links. http://mobile.yahoo.com/mobileweb/onesearch?refer=1ONXIC - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
