<div dir="ltr">Hello
<span style="color:rgb(136,136,136)">Jarno </span><div><br></div><div>my answers<div><br></div><div>How does the traffic flow normally (with SSO enabled) ? Is it something<br>like: F5 -> apache -> jboss(ajp/port 8009) ?</div><div>yes, correct<br><br>Where does this 503 error (service unavailable) come from, does F5 generate<br>it, or apache (or something else) ?</div><div>in the web browser we have the error message : </div><div><span style="color:rgb(0,0,0);font-family:"Courier New"">Service Unavailable</span></div><div><span style="color:rgb(0,0,0);font-family:"Courier New"">The server is temporarily unable to service your request due to maintenance downtime or capacity problems. Please try again later.</span></div><div><span style="color:rgb(0,0,0);font-family:"Courier New"">Apache/2.4.37 (Red Hat) Server at apps.domain.intra Port 443</span></div><div><span style="color:rgb(0,0,0);font-family:"Courier New""><br></span></div><div><span style="color:rgb(0,0,0);font-family:"Courier New"">in ssl_access log we have : </span>"POST /app/nc?command=ping HTTP/1.1" <b>503 </b>390</div><div><br>What happens when you stop apache on the node you're connected to but leave<br>jboss running ? Does F5 failover to the second node ?</div><div>yes it does</div><div><br><br>If the traffic flow is F5->apache->jboss do you have some kind of health<br>check in F5 so F5 detects when jboss is down and stops sending traffic to<br>that node ?<br></div><div><br></div><div>F5 stop sending traffic to apache ( down). and send traffic to the other apache (up)</div><div>Heartbeat mecanism is implemented allowing F5 to monitors nodes</div><div><br></div><div>BR</div></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">Le mar. 1 juin 2021 à 15:46, Jarno Huuskonen <<a href="mailto:jarno.huuskonen@uef.fi">jarno.huuskonen@uef.fi</a>> a écrit :<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Hello,<br>
<br>
On Tue, 2021-06-01 at 15:02 +0200, Mohammed Maatit wrote:<br>
> thank you in advance for your help<br>
> <br>
> I installed two nodes with an apache 2.4 (with shibd 3.1.0)/jboss eap7 on<br>
> RHEL environment. <br>
> In front of them I have a F5 BIG IP device which redirects https requests<br>
> to the 2 nodes (sticky session activated)<br>
> when SSO is disabled in my application, shibd service stopped and<br>
> apache24.conf commented in httpd.conf (#Include<br>
> /etc/shibboleth/apache24.config)), failover works fine.<br>
> When I enable SSO, the authenfication process (sp/IDP) works fine and I am<br>
> connected to the first node,so perfect. <br>
> but when I stop the JBoss server that I am connected to, I do not switch<br>
> to the second node and I have the 503 error. <br>
<br>
How does the traffic flow normally (with SSO enabled) ? Is it something<br>
like: F5 -> apache -> jboss(ajp/port 8009) ?<br>
<br>
Where does this 503 error (service unavailable) come from, does F5 generate<br>
it, or apache (or something else) ?<br>
<br>
What happens when you stop apache on the node you're connected to but leave<br>
jboss running ? Does F5 failover to the second node ?<br>
<br>
If the traffic flow is F5->apache->jboss do you have some kind of health<br>
check in F5 so F5 detects when jboss is down and stops sending traffic to<br>
that node ?<br>
<br>
> I do not see where the bad configuration is located.<br>
> if I stop apache and jboss on node1, F5 redirects users to node 2 and also<br>
> SSO works fine. and the reverse works well too (apache2 and jbosss2<br>
> stopped,apache1 and jbosss1 running )<br>
> the problem is located exactly when one of the two nodes falls and the<br>
> switch does not occurs<br>
<br>
-Jarno<br>
<br>
-- <br>
Jarno Huuskonen<br>
<br>
-- <br>
For Consortium Member technical support, see <a href="https://wiki.shibboleth.net/confluence/x/coFAAg" rel="noreferrer" target="_blank">https://wiki.shibboleth.net/confluence/x/coFAAg</a><br>
To unsubscribe from this list send an email to <a href="mailto:users-unsubscribe@shibboleth.net" target="_blank">users-unsubscribe@shibboleth.net</a><br>
</blockquote></div>