On 22/06/2010 06:09, Andrew Bruno wrote: > Oh sorry, I re-read your answer. Not sure why SSO is not working, be > interested to find out though..
You were right to ask about configuration. We can't really begin to analyze the problem until we've seen the cluster config and know the usual OS, JVM, HTTPD/mod_jk/mod_proxy/loadbalancer & other relevant version/config information. p > AB > > On Tue, Jun 22, 2010 at 3:04 PM, Andrew Bruno <andrew.br...@gmail.com> wrote: >> Hi Yasushi >> >> In your serverl.xml have you added the jvmroute to the Engine? >> >> i.e. >> >> <Engine name="Catalina" defaultHost="localhost" jvmRoute="1"> >> >> Andrew >> >> On Tue, Jun 22, 2010 at 2:50 PM, Okubo, Yasushi (TSD) >> <yasushi.ok...@takedasd.com> wrote: >>> Hi Andrew >>> >>> Thank for your post. When I checked the session id from firefox, sso >>> session id [jsessionidsso] does not have jvmroute info, but only jsessionid >>> has jvmroute. So, session replication upon failover is working fine, but >>> singlesionon upon failover is not working on tomcat 6.0.x (including >>> 6.0.26). >>> >>> yasushi >>> >>> -----Original Message----- >>> From: Andrew Bruno [mailto:andrew.br...@gmail.com] >>> Sent: Monday, June 21, 2010 9:18 PM >>> To: Tomcat Users List >>> Subject: Re: question for sso session replication in tomcat 6.0.26 >>> >>> Looking at the code I think this is wrong >>> >>> if (!_ssoSessionId.contains("." + jvmRoute)) { >>> _ssoSessionId += "." + jvmRoute; >>> response.addCookie(new Cookie(_SSO_SESSION_COOKIE_NAME, _ssoSessionId)); >>> } >>> >>> The original sessionId will already have the "."+_any_other_jvmRoute >>> included, so you need to substring it, and append the new jvmRoute. >>> >>> _ssoSessionId= _ssoSessionId.substring(0, _ssoSessionId.indexOf(".")) >>> >>> and then add >>> >>> _ssoSessionId += "." + jvmRoute; >>> >>> AB >>> >>> On Tue, Jun 22, 2010 at 1:03 PM, Okubo, Yasushi (TSD) >>> <yasushi.ok...@takedasd.com> wrote: >>>> Hi experts >>>> >>>> >>>> >>>> I found this old email from archive in TC 5.5.23. >>>> >>>> Does this problem still exist in tomcat 6.0.x or 6.0.26? >>>> >>>> >>>> >>>> When failover occurs, sso session id is updated with new number after >>>> forcing a user to relogin to the application since sso session id is not >>>> replicated and rewritten correctly. Could someone explain what is >>>> expected in current tomcat 6.0.x cluster upon failover? Should sso >>>> session id is replicated correctly in tomcat 6.0.x? >>>> >>>> >>>> >>>> Thanks, >>>> >>>> yasushi >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>> ROOKIE wrote: >>>> Hi, >>>> I have a problem with tomcat cluster + mod_proxy load balancer : >>>> >>>> We have a main app which authenticate itself to a webapp and from this >>>> app one >>>> can launch embedded apps which use the SSO cookie to access other >>>> webapps on >>>> the server (Single-Sign-On for the user). >>>> >>>> Things are working perfectly for the normal cookie but not for the sso >>>> cookie. >>>> >>>> >>>> The problem I have is that tomcat does not replicate SSO sessions so >>>> when these embedded apps route through the load balancer we get 401s on >>>> all the other cluster members except the one which actually generated >>>> the SSO cookie. >>>> >>>> I wanted to know if we can edit the SSO cookie generated by tomcat to >>>> also >>>> contain the jvmRoute parameter so that the load balancer directly goes >>>> to the >>>> correct cluster member. >>>> >>>> >>>> I tried doing this in my code by fetching the SSO cookie and appending >>>> to it >>>> the jvmRoute as follows : >>>> >>>> HttpServletRequest request = >>>> (HttpServletRequest)Security.getContext(HttpServletRequest.class); >>>> HttpServletResponse response = >>>> (HttpServletResponse)Security.getContext(HttpServletResponse.class); >>>> if(request != null) { >>>> String jvmRoute = "Vinod_Cluster_1"; // as mentioned in >>>> server.xml >>>> Cookie[] cookies = request.getCookies(); >>>> for(int nc=0; cookies != null && nc < cookies.length; nc++) >>>> { >>>> if(_SESSION_COOKIE_NAME.equals(cookies[nc].getName())) { >>>> _sessionId = cookies[nc].getValue(); >>>> } >>>> >>>> else if(_SSO_SESSION_COOKIE_NAME.equals(cookies[nc].getName())) { >>>> >>>> _ssoSessionId = cookies[nc].getValue(); >>>> if (!_ssoSessionId.contains("." + jvmRoute)) { >>>> _ssoSessionId += "." + jvmRoute; >>>> >>>> response.addCookie(new Cookie(_SSO_SESSION_COOKIE_NAME, _ssoSessionId)); >>>> } >>>> >>>> >>>> } >>>> >>>> >>>> But after this I started getting 401s from even the correct cluster >>>> member. My guess is addCookie doesnt update the cookie in tomcat's cache >>>> which is reasonable. >>>> >>>> Other thought was to edit tomcat's sso cookie generation code to append >>>> the >>>> jvmRoute to the sso cookie. >>>> >>>> >>>> Is there an better way to achieve this in my code base ? >>>> >>>> Thanks In Advance, >>>> Vinod >>>> >>>> >>>> >>>> >>> >>> --------------------------------------------------------------------- >>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >>> For additional commands, e-mail: users-h...@tomcat.apache.org >>> >>> >>> >>> >>> --------------------------------------------------------------------- >>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >>> For additional commands, e-mail: users-h...@tomcat.apache.org >>> >>> >> >> > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org >
signature.asc
Description: OpenPGP digital signature
