Description of problem:
Digest authentication works fine with a single node within a JBoss cluster with httpd as loadbalancer. But when a second node is added to the cluster, the Digest authentication is no longer working, as expected.

Observations:
- The sticky-session isn't maintained during the authentication mechanism:
  -> On the client response, the request gets bounced on different nodes, resulting in failed authentication and looping in such a way that the authentication succeeds after several times or sometimes just ends with a 401 error.

Version-Release number of selected component (if applicable):
- EAP-6.1.1
- Apache is 2.2.15
- mod_cluster is 1.2.6.final

How reproducible:
2 JBoss instances clustered behind a httpd loadbalancer
1DC (hosting servers), 1HC, and Apache mod_cluster, testApp (Digest Authentication)

Steps to Reproduce:
0. Configure a loadbalancer on Apache (mod_cluster)
1. Set a Digest Authentication security-domain, deploy the testApp
2. Try to access testApp from the browser to the loadbalancer <-- works fine
2. Bring the second node into the cluster (HC joining the DC)
3. Kill the browser
5. Try to access the same App

Actual results:
- Authentication fails several times before it succeeds.
- Sometimes ends up with a 401 error after several tries

Expected results:
The sticky-session should be maintained during the Digest-Auth process, so that mod_cluster can route the couple of requests to the same node.

Additional info:
I'm not sure if this should be corrected in mod_cluster code or Digest-Auth code.
Thanks.
Patrick
Reproduced and fixed it in branch 7.4.x with r2485. Changed the DigestAuthenticator valve to ensure it has a session in place by the time the 401 response is sent. Thus the loadbalancer will receive a session from the client that it can use to maintain stickiness and the issue is avoided. Future releases will need to upgrade to JBossWeb 7.4.9.Final+.
r2492 for branch 7.5.x.
r2485 for 7.4.9
Verified 6.3.1.CP1.CR1
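The behaviour discussed in this report, as an added Python simulation that is not JBossWeb or mod_cluster code: a two-node cluster behind a balancer, with and without a session created at the time of the 401 challenge. Assumptions: each node accepts only nonces it issued itself, the balancer alternates strictly between nodes when no route is known, the route travels as a suffix on the JSESSIONID cookie, and all names and credentials are constructed.

```python
import hashlib, itertools, secrets

USER, REALM, PASSWORD = "alice", "testApp", "s3cret"  # constructed sample credentials

def md5(s):
    return hashlib.md5(s.encode()).hexdigest()

def digest(nonce, method="GET", uri="/testApp/"):
    # RFC 2617 response without qop: MD5(HA1:nonce:HA2)
    ha1, ha2 = md5(f"{USER}:{REALM}:{PASSWORD}"), md5(f"{method}:{uri}")
    return md5(f"{ha1}:{nonce}:{ha2}")

class Node:
    """Backend that accepts only nonces it issued itself (assumed per-node state)."""
    def __init__(self, route, session_on_challenge):
        self.route, self.session_on_challenge = route, session_on_challenge
        self.nonces = set()

    def handle(self, req):
        auth = req.get("auth")
        if auth and auth["nonce"] in self.nonces and auth["response"] == digest(auth["nonce"]):
            return {"status": 200}
        nonce = secrets.token_hex(8)
        self.nonces.add(nonce)
        resp = {"status": 401, "nonce": nonce}
        if self.session_on_challenge:  # models the fix: session exists when the 401 is sent
            resp["cookie"] = f"JSESSIONID={secrets.token_hex(8)}.{self.route}"
        return resp

class Balancer:
    """Round-robin unless the request carries a session cookie with a known route suffix."""
    def __init__(self, nodes):
        self.by_route = {n.route: n for n in nodes}
        self.rr = itertools.cycle(nodes)

    def forward(self, req):
        route = req.get("cookie", "").rpartition(".")[2]
        node = self.by_route.get(route) or next(self.rr)
        return node.handle(req)

def requests_until_200(session_on_challenge, limit=10):
    """Number of requests the client needs to authenticate, or None if it never does."""
    lb = Balancer([Node(r, session_on_challenge) for r in ("node1", "node2")])
    req = {}
    for count in range(1, limit + 1):
        resp = lb.forward(req)
        if resp["status"] == 200:
            return count
        # Client answers the challenge and returns any session cookie it was given.
        req = {"auth": {"nonce": resp["nonce"], "response": digest(resp["nonce"])},
               "cookie": resp.get("cookie", "")}
    return None
```

With strict alternation the unfixed case never authenticates; a balancer that picks nodes less predictably would instead succeed after a varying number of retries.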