Great, thanks for taking a look. I've submitted a bug report for
replicating the SingleSignOnEntry cache data here:
https://issues.apache.org/bugzilla/show_bug.cgi?id=57338

On Tue, Dec 9, 2014 at 9:23 PM, Keiichi Fujino <kfuj...@apache.org> wrote:

> I examined the code of ClusterSingleSignOn.
> This behavior seems to be bug.
> There seems to be some other problems.
> a) When a new node is started, SingleSignOnEntry of cache is not
> replicated. (you mentioned.)
> b) ClusterSingleSignOn does not implement ClusterValve.
> c) Unsupported to BackupManager.
> d) There are no documents.
>
> In order to resolve this problem(a), it must be synchronized between
> cluster nodes cache of SingleSignOnEntry at startup.
> Please open a bug entry for a).
>
> 2014-12-05 3:35 GMT+09:00 Aaron R <aaron14.pub...@gmail.com>:
>
> > Hello,
> >
> > I have a Tomcat cluster (7.0.42) that is configured to use the
> DeltaManager
> > for session replication. It also uses the ClusterSingleSignOn valve for
> SSO
> > and for propagating authentication to the other nodes in the cluster. If
> I
> > log into Tomcat1, the session state and the single sign on state are
> > successfully replicated to Tomcat2, so that when Tomcat1 goes down, the
> > load balancer switches me to Tomcat2, and I am still authenticated and am
> > able to access other applications on the server.
> >
> > The problem I'm having is that if a new node (Tomcat3) is then brought up
> > after I have logged in, that new node does not appear to get any SSO
> state
> > replicated to it, as I get a 403 error when trying to access a different
> > application on the server. The regular session state is correctly
> > replicated to it, but I don't seem to have SSO authentication on this new
> > server.
> >
> > Should this scenario work? Is it possible to get the single sign on state
> > propagated to nodes that come online after the user has logged in?
> >
> > I see one instance of someone mentioning a similar issue in passing a
> while
> > back (
> >
> >
> http://mail-archives.apache.org/mod_mbox/tomcat-users/200809.mbox/%3C15060d5e0809211745s522af93bv153367d9183c6e5e%40mail.gmail.com%3E
> > ),
> > but I didn't see any followup after that.
> >
> > Thanks,
> > Aaron
> >
> > --
> > Keiichi.Fujino
> >
>

Reply via email to