Cause:
SSO does not work properly with distributable application on EAP 6.1.1 in the default configuration. However, it can be configured to work in EAP cluster.
Consequence:
<distributable/> tag has been commented out in EAP6 deployable binaries, which makes clustering of web session unavailable by default.
Workaround (if any):
To enable both SSO and distributable application feature, SSO must be configured to use proper cache container with replicated cache.
Result:
Created attachment 839021[details]
standalone-ha.xml
Description of problem:
<distributable/> tag has been commented out in EAP6 deployable binaries, which makes clustering of web session unavailable.
This has been done in order to fix SSO (https://issues.jboss.org/browse/GUVNOR-2033), but I believe that EAP 6.1.1 can be configured properly and SSO should work with distributable applications.
For distributable application the sso element (subsystem urn:jboss:domain:web) must point to cache container and replicated cache (see a subsystem urn:jboss:domain:infinispan in standalone-ha.xml) as follows:
<sso cache-container="web" cache-name="sso" reauthenticate="false" />
I am attaching my standalone-ha.xml (-ha and -full-ha have configured replicated cache by default, so only <sso ..> needs to be added).
steps to reproduce:
1. enable <distributable/> in web.xml of Business Central, deploy it together with dashbuilder
2. use the attached standalone-ha.xml (or just make those configuration changes)
3. run the server, log in to Business Central
4. navigate to Dashboards -> Business Dashboards, Dashbuilder application should appear without any need to log in again.
confirmed that it does work with HA configuration. Although that would force all users to use the HA settings by default even though is not needed (no clustering setup). My vote is to document how to configure it with distributable for cluster based solutions. As session replication has adds some overhead as well and not always this is needed.
Wdyt?
That's a valid proposal, I agree, let's document it properly and make SSO without distributable application the default option. May I just ask you to remove the comment from web.xml pointing to https://issues.jboss.org/browse/WFLY-986 (it's confusing)?