Re: problem with tomcat clusters sso with apache load balancer
Thank you for your answers. As a workarround (forgetting about clustering), can I use 2 tomcat instances with different WARs but both using sso? For instance: Machine 1 - tomcat #1 - a.war Machine 2 - tomcat #2 - b.war both with sso, so when I log-in in application a I am also logged in application b Regards, Alejandro - Original Message - From: Peter Rossbach [EMAIL PROTECTED] To: Tomcat Users List users@tomcat.apache.org Sent: Thursday, May 03, 2007 3:16 PM Subject: Re: problem with tomcat clusters sso with apache load balancer Hi, the clusterSSO implementation is not ready: - at normal shutdown from one application or a node all sessions are expired. clusterSSO is a normal session listener and context stop expires all sessions. - The sessionID rewrite from JvmRouteBinderValve are not coordinated with clusterSSO sessionID cache. - I have made some improvements at the tomcat 5.5 backport :-( Peter Am 03.05.2007 um 19:24 schrieb Filip Hanik - Dev Lists: I don't think the clusterSSO implementation ever really got finished. It got submitted, but never completed. At least that was my impression of it Filip Alejandro Fernandez wrote: Hi, I am Alejandro from Argentina. I am having an issue with tomcat 6.0.10 using clusters and single sign on, while performing load balance with apache 2.2 When I am accessing a secured page, I try to login (the login form is shown correctly) but I receive the following: HTTP Status 400 - Invalid direct reference to form login page Note: The load balancer makes me switch between 2 tomcat servers. One switch by page request. Please tell me if the info is not enough. Thank you in advance. - - httpd.conf - - Location /balancer-manager SetHandler balancer-manager /Location Proxy balancer://cluster BalancerMember ajp://sismcarrizo:8009 BalancerMember ajp://servisitadores4:8009 /Proxy Proxy balancer://clusterb BalancerMember ajp://servisitadores4:8009 /Proxy Location /portal-a ProxyPass balancer://cluster/portal-a stickysession=JSESSIONID /Location Location /portal-b ProxyPass balancer://clusterb/portal-b stickysession=JSESSIONID /Location Location /portal-c ProxyPass balancer://cluster/portal-c stickysession=JSESSIONID /Location Location /accesos-sso ProxyPass balancer://cluster/accesos-sso stickysession=JSESSIONID /Location - - server.xml - - Engine name=Catalina defaultHost=localhost Cluster className=org.apache.catalina.ha.tcp.SimpleTcpCluster channelSendOptions=8 Manager className=org.apache.catalina.ha.session.DeltaManager expireSessionsOnShutdown=false notifyListenersOnReplication=true/ Channel className=org.apache.catalina.tribes.group.GroupChannel Membership className=org.apache.catalina.tribes.membership.McastService address=228.0.0.4 port=45564 frequency=500 dropTime=3000/ Receiver className=org.apache.catalina.tribes.transport.nio.NioReceiver address=auto port=4000 autoBind=100 selectorTimeout=5000 maxThreads=6/ Sender className=org.apache.catalina.tribes.transport.ReplicationTransmitte r Transport className=org.apache.catalina.tribes.transport.nio.PooledParallelSen der/ /Sender Interceptor className=org.apache.catalina.tribes.group.interceptors.TcpFailureDe tector/ Interceptor className=org.apache.catalina.tribes.group.interceptors.MessageDispa tch15Interceptor/ /Channel Valve className=org.apache.catalina.ha.tcp.ReplicationValve filter=/ Valve className=org.apache.catalina.ha.session.JvmRouteBinderValve/ Deployer className=org.apache.catalina.ha.deploy.FarmWarDeployer tempDir=/tmp/war-temp/ deployDir=/tmp/war-deploy/ watchDir=/tmp/war-listen/ watchEnabled=false/ ClusterListener className=org.apache.catalina.ha.session.JvmRouteSessionIDBinderList ener/ ClusterListener className=org.apache.catalina.ha.session.ClusterSessionListener/ /Cluster Valve className=org.apache.catalina.authenticator.SingleSignOn debug=0/ Realm className=org.apache.catalina.realm.JDBCRealm driverName
Re: problem with tomcat clusters sso with apache load balancer
Alejandro Fernandez wrote: Thank you for your answers. As a workarround (forgetting about clustering), can I use 2 tomcat instances with different WARs but both using sso? For instance: Machine 1 - tomcat #1 - a.war Machine 2 - tomcat #2 - b.war both with sso, so when I log-in in application a I am also logged in application b Nope. The SSO info is stored in the memory of each Tomcat instance; which they obviously don't share. Regards, Alejandro - Original Message - From: Peter Rossbach [EMAIL PROTECTED] To: Tomcat Users List users@tomcat.apache.org Sent: Thursday, May 03, 2007 3:16 PM Subject: Re: problem with tomcat clusters sso with apache load balancer Hi, the clusterSSO implementation is not ready: - at normal shutdown from one application or a node all sessions are expired. clusterSSO is a normal session listener and context stop expires all sessions. - The sessionID rewrite from JvmRouteBinderValve are not coordinated with clusterSSO sessionID cache. - I have made some improvements at the tomcat 5.5 backport :-( Peter Am 03.05.2007 um 19:24 schrieb Filip Hanik - Dev Lists: I don't think the clusterSSO implementation ever really got finished. It got submitted, but never completed. At least that was my impression of it Filip Alejandro Fernandez wrote: Hi, I am Alejandro from Argentina. I am having an issue with tomcat 6.0.10 using clusters and single sign on, while performing load balance with apache 2.2 When I am accessing a secured page, I try to login (the login form is shown correctly) but I receive the following: HTTP Status 400 - Invalid direct reference to form login page Note: The load balancer makes me switch between 2 tomcat servers. One switch by page request. Please tell me if the info is not enough. Thank you in advance. - - httpd.conf - - Location /balancer-manager SetHandler balancer-manager /Location Proxy balancer://cluster BalancerMember ajp://sismcarrizo:8009 BalancerMember ajp://servisitadores4:8009 /Proxy Proxy balancer://clusterb BalancerMember ajp://servisitadores4:8009 /Proxy Location /portal-a ProxyPass balancer://cluster/portal-a stickysession=JSESSIONID /Location Location /portal-b ProxyPass balancer://clusterb/portal-b stickysession=JSESSIONID /Location Location /portal-c ProxyPass balancer://cluster/portal-c stickysession=JSESSIONID /Location Location /accesos-sso ProxyPass balancer://cluster/accesos-sso stickysession=JSESSIONID /Location - - server.xml - - Engine name=Catalina defaultHost=localhost Cluster className=org.apache.catalina.ha.tcp.SimpleTcpCluster channelSendOptions=8 Manager className=org.apache.catalina.ha.session.DeltaManager expireSessionsOnShutdown=false notifyListenersOnReplication=true/ Channel className=org.apache.catalina.tribes.group.GroupChannel Membership className=org.apache.catalina.tribes.membership.McastService address=228.0.0.4 port=45564 frequency=500 dropTime=3000/ Receiver className=org.apache.catalina.tribes.transport.nio.NioReceiver address=auto port=4000 autoBind=100 selectorTimeout=5000 maxThreads=6/ Sender className=org.apache.catalina.tribes.transport.ReplicationTransmitte r Transport className=org.apache.catalina.tribes.transport.nio.PooledParallelSen der/ /Sender Interceptor className=org.apache.catalina.tribes.group.interceptors.TcpFailureDe tector/ Interceptor className=org.apache.catalina.tribes.group.interceptors.MessageDispa tch15Interceptor/ /Channel Valve className=org.apache.catalina.ha.tcp.ReplicationValve filter=/ Valve className=org.apache.catalina.ha.session.JvmRouteBinderValve/ Deployer className=org.apache.catalina.ha.deploy.FarmWarDeployer tempDir=/tmp/war-temp/ deployDir=/tmp/war-deploy/ watchDir=/tmp/war-listen/ watchEnabled=false/ ClusterListener className=org.apache.catalina.ha.session.JvmRouteSessionIDBinderList ener/ ClusterListener className=org.apache.catalina.ha.session.ClusterSessionListener/ /Cluster Valve className=org.apache.catalina.authenticator.SingleSignOn debug=0/ Realm className=org.apache.catalina.realm.JDBCRealm driverName=com.microsoft.jdbc.sqlserver.SQLServerDriver connectionURL=jdbc:microsoft:sqlserver:// desa-0:1433
Re: problem with tomcat clusters sso with apache load balancer
Hi, the clusterSSO implementation is not ready: - at normal shutdown from one application or a node all sessions are expired. clusterSSO is a normal session listener and context stop expires all sessions. - The sessionID rewrite from JvmRouteBinderValve are not coordinated with clusterSSO sessionID cache. - I have made some improvements at the tomcat 5.5 backport :-( Peter Am 03.05.2007 um 19:24 schrieb Filip Hanik - Dev Lists: I don't think the clusterSSO implementation ever really got finished. It got submitted, but never completed. At least that was my impression of it Filip Alejandro Fernandez wrote: Hi, I am Alejandro from Argentina. I am having an issue with tomcat 6.0.10 using clusters and single sign on, while performing load balance with apache 2.2 When I am accessing a secured page, I try to login (the login form is shown correctly) but I receive the following: HTTP Status 400 - Invalid direct reference to form login page Note: The load balancer makes me switch between 2 tomcat servers. One switch by page request. Please tell me if the info is not enough. Thank you in advance. - - httpd.conf - - Location /balancer-manager SetHandler balancer-manager /Location Proxy balancer://cluster BalancerMember ajp://sismcarrizo:8009 BalancerMember ajp://servisitadores4:8009 /Proxy Proxy balancer://clusterb BalancerMember ajp://servisitadores4:8009 /Proxy Location /portal-a ProxyPass balancer://cluster/portal-a stickysession=JSESSIONID /Location Location /portal-b ProxyPass balancer://clusterb/portal-b stickysession=JSESSIONID /Location Location /portal-c ProxyPass balancer://cluster/portal-c stickysession=JSESSIONID /Location Location /accesos-sso ProxyPass balancer://cluster/accesos-sso stickysession=JSESSIONID /Location - - server.xml - - Engine name=Catalina defaultHost=localhost Cluster className=org.apache.catalina.ha.tcp.SimpleTcpCluster channelSendOptions=8 Manager className=org.apache.catalina.ha.session.DeltaManager expireSessionsOnShutdown=false notifyListenersOnReplication=true/ Channel className=org.apache.catalina.tribes.group.GroupChannel Membership className=org.apache.catalina.tribes.membership.McastService address=228.0.0.4 port=45564 frequency=500 dropTime=3000/ Receiver className=org.apache.catalina.tribes.transport.nio.NioReceiver address=auto port=4000 autoBind=100 selectorTimeout=5000 maxThreads=6/ Sender className=org.apache.catalina.tribes.transport.ReplicationTransmitte r Transport className=org.apache.catalina.tribes.transport.nio.PooledParallelSen der/ /Sender Interceptor className=org.apache.catalina.tribes.group.interceptors.TcpFailureDe tector/ Interceptor className=org.apache.catalina.tribes.group.interceptors.MessageDispa tch15Interceptor/ /Channel Valve className=org.apache.catalina.ha.tcp.ReplicationValve filter=/ Valve className=org.apache.catalina.ha.session.JvmRouteBinderValve/ Deployer className=org.apache.catalina.ha.deploy.FarmWarDeployer tempDir=/tmp/war-temp/ deployDir=/tmp/war-deploy/ watchDir=/tmp/war-listen/ watchEnabled=false/ ClusterListener className=org.apache.catalina.ha.session.JvmRouteSessionIDBinderList ener/ ClusterListener className=org.apache.catalina.ha.session.ClusterSessionListener/ /Cluster Valve className=org.apache.catalina.authenticator.SingleSignOn debug=0/ Realm className=org.apache.catalina.realm.JDBCRealm driverName=com.microsoft.jdbc.sqlserver.SQLServerDriver connectionURL=jdbc:microsoft:sqlserver:// desa-0:1433;databasename=accesos;selectmethod=cursor connectionName=accesosusr connectionPassword=j1ra808fa userTable=users userNameCol=username userCredCol=password userRoleTable=user_role roleNameCol=role debug=99 / Host name=localhost appBase=webapps unpackWARs=true autoDeploy=true xmlValidation=false xmlNamespaceAware=false /Host /Engine - - web.xml
problem with tomcat clusters sso with apache load balancer
Hi, I am Alejandro from Argentina. I am having an issue with tomcat 6.0.10 using clusters and single sign on, while performing load balance with apache 2.2 When I am accessing a secured page, I try to login (the login form is shown correctly) but I receive the following: HTTP Status 400 - Invalid direct reference to form login page Note: The load balancer makes me switch between 2 tomcat servers. One switch by page request. Please tell me if the info is not enough. Thank you in advance. -- httpd.conf -- Location /balancer-manager SetHandler balancer-manager /Location Proxy balancer://cluster BalancerMember ajp://sismcarrizo:8009 BalancerMember ajp://servisitadores4:8009 /Proxy Proxy balancer://clusterb BalancerMember ajp://servisitadores4:8009 /Proxy Location /portal-a ProxyPass balancer://cluster/portal-a stickysession=JSESSIONID /Location Location /portal-b ProxyPass balancer://clusterb/portal-b stickysession=JSESSIONID /Location Location /portal-c ProxyPass balancer://cluster/portal-c stickysession=JSESSIONID /Location Location /accesos-sso ProxyPass balancer://cluster/accesos-sso stickysession=JSESSIONID /Location -- server.xml -- Engine name=Catalina defaultHost=localhost Cluster className=org.apache.catalina.ha.tcp.SimpleTcpCluster channelSendOptions=8 Manager className=org.apache.catalina.ha.session.DeltaManager expireSessionsOnShutdown=false notifyListenersOnReplication=true/ Channel className=org.apache.catalina.tribes.group.GroupChannel Membership className=org.apache.catalina.tribes.membership.McastService address=228.0.0.4 port=45564 frequency=500 dropTime=3000/ Receiver className=org.apache.catalina.tribes.transport.nio.NioReceiver address=auto port=4000 autoBind=100 selectorTimeout=5000 maxThreads=6/ Sender className=org.apache.catalina.tribes.transport.ReplicationTransmitter Transport className=org.apache.catalina.tribes.transport.nio.PooledParallelSender/ /Sender Interceptor className=org.apache.catalina.tribes.group.interceptors.TcpFailureDetector/ Interceptor className=org.apache.catalina.tribes.group.interceptors.MessageDispatch15Interceptor/ /Channel Valve className=org.apache.catalina.ha.tcp.ReplicationValve filter=/ Valve className=org.apache.catalina.ha.session.JvmRouteBinderValve/ Deployer className=org.apache.catalina.ha.deploy.FarmWarDeployer tempDir=/tmp/war-temp/ deployDir=/tmp/war-deploy/ watchDir=/tmp/war-listen/ watchEnabled=false/ ClusterListener className=org.apache.catalina.ha.session.JvmRouteSessionIDBinderListener/ ClusterListener className=org.apache.catalina.ha.session.ClusterSessionListener/ /Cluster Valve className=org.apache.catalina.authenticator.SingleSignOn debug=0/ Realm className=org.apache.catalina.realm.JDBCRealm driverName=com.microsoft.jdbc.sqlserver.SQLServerDriver connectionURL=jdbc:microsoft:sqlserver://desa-0:1433;databasename=accesos;selectmethod=cursor connectionName=accesosusr connectionPassword=j1ra808fa userTable=users userNameCol=username userCredCol=password userRoleTable=user_role roleNameCol=role debug=99 / Host name=localhost appBase=webapps unpackWARs=true autoDeploy=true xmlValidation=false xmlNamespaceAware=false /Host /Engine -- web.xml -- !-- Define a Security Constraint on this Application -- security-constraint web-resource-collection web-resource-nameportal-a/web-resource-name url-pattern/mercados.jsp/url-pattern url-pattern/mercados.page/url-pattern url-pattern/mercados.jsf/url-pattern /web-resource-collection auth-constraint !-- NOTE: This role is not present in the default users file -- role-nameaccesos/role-name /auth-constraint /security-constraint !-- Define the Login Configuration for this Application -- login-config auth-methodFORM/auth-method realm-namePortal A Application/realm-name form-login-config