[mitreid-connect] Redirected back to main page??

Luiz Omori luiz.omori at duke.edu
Tue Nov 24 17:31:27 EST 2015


Oh, I could reproduce the exact same behaviour by just having the issuer property defined in the server-config.xml different than the root url used to make the requests. For example, my server-config.xml has issuer "http://127.0.0.1:8080/ldap-openid-connect-server/“ and my test client is calling http://localhost:8080/ldap-openid-connect-server/authorize. Since I’m running everything on my laptop they are semantically identical. If both are either 127.0.0.1 or localhost it works. Is this by design?

Regards,
Luiz

From: Justin Richer
Date: Tuesday, November 24, 2015 at 2:54 PM
To: Luiz Omori
Cc: "mitreid-connect at mit.edu<mailto:mitreid-connect at mit.edu>"
Subject: Re: [mitreid-connect] Redirected back to main page??

I’m talking about something related to tomcat itself:

https://www.mulesoft.com/tcat/tomcat-clustering

If there’s only one instance of the server though then it should work fine so long as the load balancer is passing all headers (like cookies) through to the other side. Most common deployments of this software in enterprise space use a reverse proxy of some type, so a single-instance load balancer shouldn’t be different from that.

 — Justin

On Nov 24, 2015, at 2:21 PM, Luiz Omori <luiz.omori at duke.edu<mailto:luiz.omori at duke.edu>> wrote:

Are you talking about MitreId own DB (in-memory versus MySQL versus …) or something else purely related to Tomcat?

In any case for now we have only one MitreId instance behind the load balancer as the second instance is not ready yet.

Regards,
Luiz

From: Justin Richer
Date: Tuesday, November 24, 2015 at 2:18 PM
To: Luiz Omori
Cc: "mitreid-connect at mit.edu<mailto:mitreid-connect at mit.edu>"
Subject: Re: [mitreid-connect] Redirected back to main page??

Do you have Tomcat’s shared session mechanism set up on your servers? You have to do that with a load-balanced setup otherwise things that are stored in the session object (like the target page after a login) will get lost.

 — Justin


On Nov 24, 2015, at 2:16 PM, Luiz Omori <luiz.omori at duke.edu<mailto:luiz.omori at duke.edu>> wrote:

Hi,

We are having a problem with MitreId Connect when it’s behind a load balancer. Everything works as expected when we hit it directly but when we use the load balancer address the server does the authentication however instead of redirecting the authorization code back to the client it appears to send it to MitreId main page, with the user logged in to it. In the latter case, we even don’t see the approval form.

Regards,
Luiz
_______________________________________________
mitreid-connect mailing list
mitreid-connect at mit.edu<mailto:mitreid-connect at mit.edu>
http://mailman.mit.edu/mailman/listinfo/mitreid-connect


-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.mit.edu/pipermail/mitreid-connect/attachments/20151124/e34d29c9/attachment-0001.html


More information about the mitreid-connect mailing list