It was contributed but never completed, so it is not working properly
Filip
ROOKIE wrote:
Hi,
Can someone please clarify if tomcat 5.5 supports replication of single-sign-on
sessions across cluster members, if so how to configure it ?
Thanks,
Vinod
----- Original Message ----
From: ROOKIE <[EMAIL PROTECTED]>
To: users@tomcat.apache.org
Sent: Tuesday, May 29, 2007 5:20:03 PM
Subject: SSO session replication within TC 5.5.23 cluster
Hi,
I have created a simple TCP cluster of 2 TC 5.5.23 servers and added a Apache
2.2 (mod_proxy) load balancer in front. Our tomcat has SSO valve enabled.
I wanted to know if TC 5.5.23 supports SSO session replication ?
Googling tells me that a patch was submitted for this,
http://fabien.carrion.free.fr/TomcatCluster.html and even the
catalina-cluster.jar has the ClusterSingleSignOn valve. But TC mailing lists
suggest that the support is still not complete.
In any case I have not been able to get it working.
Whenever I use the SSO cookie for authentication I get 401 from all the other cluster members (except the one who generated the SSO session id).
The requested resource is protected and the UserPrincipal found in the
HttpRequest by the other cluster members is null. I use a customized NTLM
authenticator which expects a non-null UserPrincipal in the HttpRequest if user
is already authenticated.
Following is my cluster node in server.xml (embedded in Host node) :
<Cluster className="org.apache.catalina.cluster.tcp.SimpleTcpCluster"
clusterName="rooksCluster"
managerClassName="org.apache.catalina.cluster.session.DeltaManager"
expireSessionsOnShutdown="false"
useDirtyFlag="true"
notifyListenersOnReplication="true">
<!--Shared between the whole cluster-->
<Membership
className="org.apache.catalina.cluster.mcast.McastService"
mcastAddr="228.0.0.4"
mcastPort="45564"
mcastFrequency="500"
mcastDropTime="3000"/>
<!--Unique listen port for each cluster node-->
<Receiver
className="org.apache.catalina.cluster.tcp.ReplicationListener"
tcpListenAddress="auto"
tcpListenPort="4002"
tcpSelectorTimeout="100"
tcpThreadCount="4"/>
<Sender
className="org.apache.catalina.cluster.tcp.ReplicationTransmitter"
replicationMode="pooled"
ackTimeout="15000"
waitForAck="true"/>
<Valve className="org.apache.catalina.cluster.tcp.ReplicationValve"
filter=".*\.gif;.*\.js;.*\.jpg;.*\.png;.*\.htm;.*\.html;.*\.css;.*\.txt;"/>
<Valve className="org.apache.catalina.cluster.authenticator.ClusterSingleSignOn" debug="0"/>
<Valve className="org.apache.catalina.cluster.session.JvmRouteBinderValve"
enabled="true" sessionIdAttribute="takeoverSessionid"/>
<ClusterListener className="org.apache.catalina.cluster.session.JvmRouteSessionIDBinderListener" />
<ClusterListener className="org.apache.catalina.cluster.session.ClusterSessionListener"/>
</Cluster>
Any ideas why SSO session replication is not working, is it a configuration
error or does TC 5.5.23 not support this.
TIA,
Vinod
____________________________________________________________________________________Yahoo! oneSearch: Finally, mobile search
that gives answers, not web links.
http://mobile.yahoo.com/mobileweb/onesearch?refer=1ONXIC
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
____________________________________________________________________________________Boardwalk for $500? In 2007? Ha! Play Monopoly Here and Now (it's updated for today's economy) at Yahoo! Games.
http://get.games.yahoo.com/proddesc?gamekey=monopolyherenow
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
