Here's what I believe is happening: Original request goes to server A. A's FormAuthenticator detects the need for a login, so it caches the request info in the session object and sends the login page. The request info is cached so the originally requested URL can be returned once authentication succeeds. This request info is cached in an internal data structure of the session object (the "notes" map), not in the attribute map that user code can manipulate using HttpSession.get/setAttribute(). I don't believe JBoss session replication replicates session notes, so the original request info is not replicated across the cluster.
Login form submission goes to server B. B's FormAuthenticator authenticates you, but then checks your session for the note with the original request URL. It cannot find the note (wasn't replicated) so it issues a 400 error response. Normally it would issue a redirect response sending the browser back to the original request URL.

anonymous wrote : If I force a refresh, then the request is redirected back to the original JBoss instance, and the authentication is correct.

When you refresh, is the browser re-posting the login form, or is it resubmitting a GET for the original URL? I expect the former; if instead of refreshing you entered the original URL in the address bar and hit enter I expect you'd get the login page again. Would like to know for sure.

The SSO context is not created until a user successfully authenticates, is redirected and the browser re-requests the original URL. So, I don't think a 2nd GET back to server A would succeed, since the successful login on B would not be communicated to A.

anonymous wrote : I can't see any logging generated by single sign on, even with debug="2" and log4j.xml has org.jboss at debug level.

Try turning on debug logging for org.apache.catalina.

To get your use case to work, I think two things would need to be done:

1) Session replication would need to replicate objects in the "notes" map.
2) An SSO context would need to be created and replicated as soon as the login was done, not as part of the 1st request following authentication.

View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3878504#3878504
JBoss-user mailing list
https://lists.sourceforge.net/lists/listinfo/jboss-user
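The sequence described in the post above, as a small Python model added here for illustration (it is not JBoss or Tomcat code and not from the original poster). The class names, note key, credentials and URL are constructed, and it models only point 1 of the proposed changes (replicating notes), not SSO context creation.

```python
from dataclasses import dataclass, field

SAVED_REQUEST = "saved-request"   # hypothetical note key for this model
USERS = {"alice": "s3cret"}       # constructed credentials

@dataclass
class Session:
    attributes: dict = field(default_factory=dict)  # HttpSession attributes
    notes: dict = field(default_factory=dict)       # container-internal notes

class Node:
    """One cluster member running a form authenticator."""
    def __init__(self, name):
        self.name = name
        self.sessions = {}

    def session(self, sid):
        return self.sessions.setdefault(sid, Session())

    def get(self, sid, url):
        # Unauthenticated request: remember the URL in a note, send the login page.
        self.session(sid).notes[SAVED_REQUEST] = url
        return (200, "login page")

    def login(self, sid, user, password):
        if USERS.get(user) != password:
            return (401, None)            # simplified failure path (assumption)
        url = self.session(sid).notes.pop(SAVED_REQUEST, None)
        if url is None:
            return (400, None)            # no saved request on this node
        return (302, url)                 # redirect to the original URL

def replicate(src, dst, sid, include_notes=False):
    """Copy session state between nodes; notes only if explicitly enabled."""
    s, d = src.session(sid), dst.session(sid)
    d.attributes = dict(s.attributes)
    if include_notes:
        d.notes = dict(s.notes)

def login_flow(sticky, replicate_notes=False):
    a, b = Node("A"), Node("B")
    sid, url = "sess-1", "/app/report"    # constructed sample values
    a.get(sid, url)                       # original request lands on A
    replicate(a, b, sid, replicate_notes)
    return (a if sticky else b).login(sid, "alice", "s3cret")

if __name__ == "__main__":
    print("login on A:", login_flow(True))
    print("login on B:", login_flow(False))
    print("login on B, notes replicated:", login_flow(False, True))
```
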
