Re: mod-proxy with sticky JSESSIONID and SiteMinder.

Fri, 08 Jul 2022 08:46:12 -0700 

Jon,

On 7/8/22 11:30, jonmcalexander.wellsfargo.com via dev wrote:

Hi Christopher, nice to see a familiar name. :-)

Currently we have it down to a SSL Handshake Failure between the Tomcat server 
and the SiteMinder server.

com.wellsfargo.mortgage.feature.wff.authorization.login.mvc.UserLoginChannelSecureHelper
 08 Jul 2022 08:06:39,505 ERROR [https-jsse-nio-8305-exec-6]: DEVT: ilonline: 
Unable to get Channel Secure Session: Unable to perform siteminder handshake
java.lang.Exception: Unable to perform siteminder handshake


Any more detail, other than a stack trace? Did you check your certs?
This looks like the Tomcat side of the connection, since it's a Java stack trace. Is this what happens when mod_proxy connects to Tomcat, or is this your application or some other component reaching-out from Tomcat to elsewhere? I ask because Tomcat is unlikely to emit an error message saying "Unable to perform siteminder handshake". 

Another dumb question: I've been assuming we are talking about:

client (e.g. browser) -> mod_proxy -> Tomcat -> application
This is because you said "this was working with mod_jk" and mod_jk doesn't do forward-proxying, only reverse-proxying.
But the error message suggests that this has nothing to do with the connection from httpd / mod_proxy -> Tomcat. 

-chris


-----Original Message-----
From: Christopher Schultz <ch...@christopherschultz.net>
Sent: Friday, July 8, 2022 10:03 AM
To: dev@httpd.apache.org
Subject: Re: mod-proxy with sticky JSESSIONID and SiteMinder.

Jon,

On 7/7/22 16:56, jonmcalexander.wellsfargo.com via dev wrote:

Seem to have an issue with mod-proxy and making the JSESSIONID and the
SMSESSION cookie sticky. How can this be done? This setup was working
with mod-jk, but when moving to mod-proxy over https it’s not working.
We are configured to use mutual authentication between apache and
tomcat (for proxy only), but with the certificateVerification set to
required in Tomcat, we are getting a
java.base/sun.security.ssl.Alert.createSSLException and with setting
it to optional, we are getting a javax.net.ssl.SSLHandshakeException:
Received fatal alert: bad_certificate error (extensive).


Did you double-check the client and server certs to make sure they haven't
expired or anything silly like that?

It sounds like you are reporting multiple problems, here.

Which one is most urgent/problematic? We'll solve one thing at a time.

-chris

Reply via email to