tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Aaron R <>
Subject Single Sign On Replication with New Tomcat Cluster Nodes
Date Thu, 04 Dec 2014 18:35:29 GMT

I have a Tomcat cluster (7.0.42) that is configured to use the DeltaManager
for session replication. It also uses the ClusterSingleSignOn valve for SSO
and for propagating authentication to the other nodes in the cluster. If I
log into Tomcat1, the session state and the single sign on state are
successfully replicated to Tomcat2, so that when Tomcat1 goes down, the
load balancer switches me to Tomcat2, and I am still authenticated and am
able to access other applications on the server.

The problem I'm having is that if a new node (Tomcat3) is then brought up
after I have logged in, that new node does not appear to get any SSO state
replicated to it, as I get a 403 error when trying to access a different
application on the server. The regular session state is correctly
replicated to it, but I don't seem to have SSO authentication on this new

Should this scenario work? Is it possible to get the single sign on state
propagated to nodes that come online after the user has logged in?

I see one instance of someone mentioning a similar issue in passing a while
back (,
but I didn't see any followup after that.


  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message