Hi, Can someone please clarify if tomcat 5.5 supports replication of single-sign-on sessions across cluster members, if so how to configure it ?
Thanks, Vinod ----- Original Message ---- From: ROOKIE <[EMAIL PROTECTED]> To: users@tomcat.apache.org Sent: Tuesday, May 29, 2007 5:20:03 PM Subject: SSO session replication within TC 5.5.23 cluster Hi, I have created a simple TCP cluster of 2 TC 5.5.23 servers and added a Apache 2.2 (mod_proxy) load balancer in front. Our tomcat has SSO valve enabled. I wanted to know if TC 5.5.23 supports SSO session replication ? Googling tells me that a patch was submitted for this, http://fabien.carrion.free.fr/TomcatCluster.html and even the catalina-cluster.jar has the ClusterSingleSignOn valve. But TC mailing lists suggest that the support is still not complete. In any case I have not been able to get it working. Whenever I use the SSO cookie for authentication I get 401 from all the other cluster members (except the one who generated the SSO session id). The requested resource is protected and the UserPrincipal found in the HttpRequest by the other cluster members is null. I use a customized NTLM authenticator which expects a non-null UserPrincipal in the HttpRequest if user is already authenticated. Following is my cluster node in server.xml (embedded in Host node) : <Cluster className="org.apache.catalina.cluster.tcp.SimpleTcpCluster" clusterName="rooksCluster" managerClassName="org.apache.catalina.cluster.session.DeltaManager" expireSessionsOnShutdown="false" useDirtyFlag="true" notifyListenersOnReplication="true"> <!--Shared between the whole cluster--> <Membership className="org.apache.catalina.cluster.mcast.McastService" mcastAddr="228.0.0.4" mcastPort="45564" mcastFrequency="500" mcastDropTime="3000"/> <!--Unique listen port for each cluster node--> <Receiver className="org.apache.catalina.cluster.tcp.ReplicationListener" tcpListenAddress="auto" tcpListenPort="4002" tcpSelectorTimeout="100" tcpThreadCount="4"/> <Sender className="org.apache.catalina.cluster.tcp.ReplicationTransmitter" replicationMode="pooled" ackTimeout="15000" waitForAck="true"/> <Valve className="org.apache.catalina.cluster.tcp.ReplicationValve" filter=".*\.gif;.*\.js;.*\.jpg;.*\.png;.*\.htm;.*\.html;.*\.css;.*\.txt;"/> <Valve className="org.apache.catalina.cluster.authenticator.ClusterSingleSignOn" debug="0"/> <Valve className="org.apache.catalina.cluster.session.JvmRouteBinderValve" enabled="true" sessionIdAttribute="takeoverSessionid"/> <ClusterListener className="org.apache.catalina.cluster.session.JvmRouteSessionIDBinderListener" /> <ClusterListener className="org.apache.catalina.cluster.session.ClusterSessionListener"/> </Cluster> Any ideas why SSO session replication is not working, is it a configuration error or does TC 5.5.23 not support this. TIA, Vinod ____________________________________________________________________________________Yahoo! oneSearch: Finally, mobile search that gives answers, not web links. http://mobile.yahoo.com/mobileweb/onesearch?refer=1ONXIC --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] ____________________________________________________________________________________Boardwalk for $500? In 2007? Ha! Play Monopoly Here and Now (it's updated for today's economy) at Yahoo! Games. http://get.games.yahoo.com/proddesc?gamekey=monopolyherenow --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]