Maximo Open Forum

 View Only

 Problem with application server authentication on a cluster

Jump to Best Answer
  • Administration
  • Infrastructure
  • Security
Diego Visentin's profile image
Maximo Certified Diego Visentin posted 03-17-2022 06:39
Hi,
I am facing a problem that I have never seen.
Using the same ActiveDirectory, authentication on a single server works while on a cluster it doesn't.
The oddity is that the login page redirect returns the wrong url ("/maximo/webclient/login/login.jsp?welcome=true" instead of "/maximo/webclient/login/login.jsp?appservauth=true").
I have already double checked that the various web.xml and useAppServerSecurity are correct, even comparing them with those of the single server.
WAS security is ok because using the snoop servlet correctly pops up its basic authentication.
Any suggestions about how to address this problem?
Diego Visentin's profile image
Maximo Certified Diego Visentin Best Answer
I finally identified the problem: it is a cache shared by multiple modules in the EAR which could contain a different value of useAppServerSecurity than what is traced in the log.

Details:
every web module config (web.xml) in Maximo ear contains the parameter "useAppServerSecurity" whose value is independent for each module (by-design of J2E). However, the first module that reads it from its config stores the value in a Maximo cache used by the others who therefore no longer rely on the respective value of their configuration. Therefore, the value of useAppServerSecurity must be "1" on every web module even if app-server authentication is not enabled for all.