[ https://jira.jboss.org/jira/browse/JBPORTAL-2075?page=com.atlassian.jira.... ]
Sohil Shah resolved JBPORTAL-2075.
----------------------------------
Fix Version/s: 2.6.6 Final
Resolution: Done

Two issues here:
1/ The slave node shows an inaccurate "404 Not Found" message instead of the
expected "Access Denied" message being shown just like the master node. This
issue is the one that is fixed.
2/ The issue with the authenticated session not propagating to the new node during a fail
over only in LDAP mode is not reproducible. On my setup the authenticated session properly
fails over both in LDAP and DB mode. However, for the security context to propagate to the
new node, you need to have the ClusteredSingleSignOn valve activated in the
jbossweb-deployer/server.xml.

CMS failure in jboss-portal-ha when LDAP is used for authentication
-------------------------------------------------------------------
Key: JBPORTAL-2075
URL: https://jira.jboss.org/jira/browse/JBPORTAL-2075
Project: JBoss Portal
Issue Type: Bug
Security Level: Public(Everyone can see)
Components: Portal CMS
Affects Versions: 2.6.5 SP1
Environment: OpenDS as LDAP server
Reporter: Martin Putz
Assignee: Sohil Shah
Fix For: 2.6.6 Final

1. Used JBoss AS EAP 4.3 with all configuration (profile) and deployed JBoss Portal 2.6.5
HA Bundle on top of it.
2. Configured portal to use OpenDS (LDAP) for user, role and membership information.
3. Started up both the cluster nodes and logged in to Portal.
4. Created a new instance of default CMSWindow and added a security protected CMS
resource to it (e.g. /default/content/private/license.html). Added this new instance of
CMSWindow to the default portal page.
5. When I visit the default portal page (on node1) (home page), if the user is logged in,
the protected resource, aka the license.html, is shown, and if the user is not logged in
an Access denied message is shown instead of the CMSWindow2 content. So far everything is
fine and as expected.
6. When the default portal page (on node2) is accessed without a user being logged in, a
'404 Page Not found' is shown instead of the 'Access denied' message.
7. With the user being logged in, now shut down the active node that was being accessed over
a load balancer. Hit refresh or visit the portal again.

Result:
The user is not asked to log in again as the session is correctly replicated. However, for
the protected CMS resource a "404 Page Not found" is shown.
Everything works fine if the User, Role information is coming from the database store.
It looks like in the case of the LDAP store the security (aka Role information) is not
available on the replicated cluster node.
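
The resolution comment says the security context only follows a failover when the ClusteredSingleSignOn valve is activated in jbossweb-deployer/server.xml. The sketch below is an added example, not code from the issue or from JBoss Portal, and checks each node's server.xml for an active valve. The XML fragments are constructed and the valve's package name is an assumption, so only the class-name suffix is matched.

```python
from __future__ import annotations
import xml.etree.ElementTree as ET

# Constructed server.xml fragments (not taken from the issue). The package in
# className is an assumption; only the "ClusteredSingleSignOn" suffix is matched.
VALVE_COMMENTED_OUT = """<Server><Service name="jboss.web"><Engine name="jboss.web">
  <Host name="localhost">
    <!-- <Valve className="org.jboss.web.tomcat.service.sso.ClusteredSingleSignOn" /> -->
  </Host>
</Engine></Service></Server>"""

VALVE_ACTIVE = VALVE_COMMENTED_OUT.replace("<!-- ", "").replace(" -->", "")


def hosts_without_clustered_sso(server_xml: str) -> list[str]:
    """Return names of <Host> elements with no active ClusteredSingleSignOn valve.

    ElementTree drops XML comments while parsing, so a valve that is still
    commented out is treated as absent, which is the case to catch.
    """
    root = ET.fromstring(server_xml)
    missing = []
    for host in root.iter("Host"):
        valves = [v.get("className", "") for v in host.findall("Valve")]
        if not any(name.endswith("ClusteredSingleSignOn") for name in valves):
            missing.append(host.get("name", "<unnamed>"))
    return missing


def check_nodes(configs: dict[str, str]) -> dict[str, list[str]]:
    """Map each cluster node to its hosts lacking the valve; passing nodes are omitted."""
    report = {}
    for node, xml_text in configs.items():
        missing = hosts_without_clustered_sso(xml_text)
        if missing:
            report[node] = missing
    return report


if __name__ == "__main__":
    # Every node must carry the valve, otherwise the failover target lacks it.
    result = check_nodes({"node1": VALVE_ACTIVE, "node2": VALVE_COMMENTED_OUT})
    for node, hosts in result.items():
        print(f"{node}: ClusteredSingleSignOn valve not active for host(s) {hosts}")
```
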