tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ROOKIE <vinod...@yahoo.com>
Subject SSO session replication within TC 5.5.23 cluster
Date Tue, 29 May 2007 11:50:03 GMT
Hi,

I have created a simple TCP cluster of 2 TC 5.5.23 servers and added a Apache 2.2 (mod_proxy)
load balancer in front. Our tomcat has SSO valve enabled.

I wanted to know if TC 5.5.23 supports SSO session replication ? 

Googling tells me that a patch was submitted for this, http://fabien.carrion.free.fr/TomcatCluster.html
and even the catalina-cluster.jar has the ClusterSingleSignOn valve. But TC mailing lists
suggest that the support is still not complete.

In any case I have not been able to get it working. 

Whenever I use the SSO cookie for authentication I get 401 from all the other cluster members
(except the one who generated the SSO session id). 

The requested resource is protected and the UserPrincipal found in the HttpRequest by the
other cluster members is null. I use a customized NTLM authenticator which expects a non-null
UserPrincipal in the HttpRequest if user is already authenticated.

Following is my cluster node in server.xml (embedded in Host node) :

        <Cluster className="org.apache.catalina.cluster.tcp.SimpleTcpCluster"
             clusterName="rooksCluster"
             managerClassName="org.apache.catalina.cluster.session.DeltaManager"
             expireSessionsOnShutdown="false"
             useDirtyFlag="true"
             notifyListenersOnReplication="true">

            <!--Shared between the whole cluster-->
            <Membership 
            className="org.apache.catalina.cluster.mcast.McastService"
            mcastAddr="228.0.0.4"
            mcastPort="45564"
            mcastFrequency="500"
            mcastDropTime="3000"/>

            <!--Unique listen port for each cluster node-->
            <Receiver 
            className="org.apache.catalina.cluster.tcp.ReplicationListener"
            tcpListenAddress="auto"
            tcpListenPort="4002"
            tcpSelectorTimeout="100"
            tcpThreadCount="4"/>

            <Sender
            className="org.apache.catalina.cluster.tcp.ReplicationTransmitter"
            replicationMode="pooled"
            ackTimeout="15000"
            waitForAck="true"/>

            <Valve className="org.apache.catalina.cluster.tcp.ReplicationValve"
               filter=".*\.gif;.*\.js;.*\.jpg;.*\.png;.*\.htm;.*\.html;.*\.css;.*\.txt;"/>
                  
            <Valve className="org.apache.catalina.cluster.authenticator.ClusterSingleSignOn"
debug="0"/>
            <Valve className="org.apache.catalina.cluster.session.JvmRouteBinderValve"
enabled="true" sessionIdAttribute="takeoverSessionid"/>
               <ClusterListener className="org.apache.catalina.cluster.session.JvmRouteSessionIDBinderListener"
/>            
            <ClusterListener className="org.apache.catalina.cluster.session.ClusterSessionListener"/>
        </Cluster>

Any ideas why SSO session replication is not working, is it a configuration error or does
TC 5.5.23 not support this.



TIA,

Vinod









       
____________________________________________________________________________________Yahoo!
oneSearch: Finally, mobile search 
that gives answers, not web links. 
http://mobile.yahoo.com/mobileweb/onesearch?refer=1ONXIC

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message