Posted: 14 Sep 2016 13:36 EDT Last activity: 22 Dec 2016 3:15 EST
High-Availability with Single-Sign-On process
I currently have setup a two nodes (PRPC 7.1.8) with a load balancer (sticky session) and shared storage between the two nodes for testing. The nodes are setup for single-sign-on using Custom Authentication Service (Kerberos via the Tomcat). Currently, when Quiesce is used on one of the node, the user experience seemed to be seamless (the user can basically start clicking and continue working) on the available node.
The problem I'm having is during an unexpected node crash. I can't seem to have the same or similar user experience. The user can't continue to work. The user has to re-open a new session to the new server (e.g. close/re-open browser). When the user tries to refresh on the same browser, I can see the session created but all I get back from the server is HTTP 500 error. I verified the problem is not on the container side as can see it in the catalina log that the user is correctly authenticated on the working node.
My question is, what is correct behavior during an unexpected node crash? What should the custom authentication service be doing?
***Updated by moderator: Marissa to add SR Details to post***
Please first refer to the HA admin guide (e.g.: https://pdn.pega.com/documents/pega-718-high-availability-administration-guide) server crash recovery section to make sure your setup meets all the conditions, including prconfig setting and the crash server is taken out of the rotation. It also describes the expected behavior during server crash. If you see something different, go ahead with a SR, GCS can investigate further.
I read the guideline the only thing that I don't get is that during a server crash, the user does not require to re-authenticate but it seems like my authentication service activities are still being called.
Posted: 4 years ago
Posted: 15 Sep 2016 8:45 EDT
Kevin Zheng (KevinZheng_GCS)
Director, Software Solutions Engineering
Upon reviewing the SR, we see that it has been closed due to a shift in priorities. As such, we will be closing this thread to future replies. Please contact us, moderators, in case you wish to reopen this discussion. Refer this blog to read on how to contact a moderator: Need a Moderator?