Help : Shibboleth SP for apache/jboss clustering environnent
jarno.huuskonen at uef.fi
Tue Jun 1 13:46:01 UTC 2021
On Tue, 2021-06-01 at 15:02 +0200, Mohammed Maatit wrote:
> thank you in advance for your help
> I installed two nodes with an apache 2.4 (with shibd 3.1.0)/jboss eap7 on
> RHEL environment.
> In front of them I have a F5 BIG IP device which redirects https requests
> to the 2 nodes (sticky session activated)
> when SSO is disabled in my application, shibd service stopped and
> apache24.conf commented in httpd.conf (#Include
> /etc/shibboleth/apache24.config)), failover works fine.
> When I enable SSO, the authenfication process (sp/IDP) works fine and I am
> connected to the first node,so perfect.
> but when I stop the JBoss server that I am connected to, I do not switch
> to the second node and I have the 503 error.
How does the traffic flow normally (with SSO enabled) ? Is it something
like: F5 -> apache -> jboss(ajp/port 8009) ?
Where does this 503 error (service unavailable) come from, does F5 generate
it, or apache (or something else) ?
What happens when you stop apache on the node you're connected to but leave
jboss running ? Does F5 failover to the second node ?
If the traffic flow is F5->apache->jboss do you have some kind of health
check in F5 so F5 detects when jboss is down and stops sending traffic to
that node ?
> I do not see where the bad configuration is located.
> if I stop apache and jboss on node1, F5 redirects users to node 2 and also
> SSO works fine. and the reverse works well too (apache2 and jbosss2
> stopped,apache1 and jbosss1 running )
> the problem is located exactly when one of the two nodes falls and the
> switch does not occurs
More information about the users