[Shib-Users] JSESSIONID problem

106 views
Skip to first unread message

janusz.u...@heanet.ie

unread,
Oct 2, 2009, 4:33:37 AM10/2/09
to shibbole...@internet2.edu
Hi,
I have problem with JSESSIONID. It's not set during the first request to
/SAML2/Redirect/SSO so it's causing problem with apache proxy-balancer (sticky session)
Is any way to get this working?

Thanks in advance.
Janusz

Chartrel, Olivier

unread,
Oct 2, 2009, 4:57:14 AM10/2/09
to shibbole...@internet2.edu

Hi,

 

I met the exact same problem with Shibboleth IdP running on WebSphere cluster.

To avoid the problem, I have used the following workaround: I have created a Java Servlet filter that creates a Java session (“httpRequest.getSession(true)”) and I have loaded this filter in Shibboleth “web.xml” file and mapped it on the “/*” resource (all Shibboleth URIs).

 

This workaround works fine for me but (with quite simple use cases), as far as I know, the “official” position of Shibboleth project on this point is to avoid the use of the Servlet Session because of various issues regarding clustering and load balancing…

 

Regards,

Olivier CHARTREL

Capgemini Division Sud

 

-----Message d'origine-----
De : janusz.u...@heanet.ie [mailto:janusz.u...@heanet.ie]
Envoyé : vendredi 2 octobre 2009 10:34
À : shibbole...@internet2.edu
Objet : [Shib-Users] JSESSIONID problem

This message contains information that may be privileged or confidential and is the property of the Capgemini Group. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain, copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message.




Janusz Ulanowski
unread,
Oct 2, 2009, 5:28:43 AM10/2/09
to shibbole...@internet2.edu
Thanks very much.
Is it any security issue to set jsessionid on this request?
Thanks,
Janusz
Chartrel, Olivier wrote:
>
> Hi,
>
> I met the exact same problem with Shibboleth IdP running on WebSphere 
> cluster.
>
> To avoid the problem, I have used the following workaround: I have 
> created a Java Servlet filter that creates a Java session 
> (“/httpRequest.getSession(true)/”) and I have loaded this filter in 
> Shibboleth “/web.xml/” file and mapped it on the “/*” resource (all 
> Shibboleth URIs).
>
> This workaround works fine for me but (with quite simple use cases), 
> as far as I know, the “/official/” position of Shibboleth project on 
Chad La Joie
unread,
Oct 3, 2009, 5:20:44 AM10/3/09
to shibbole...@internet2.edu
The JSESSIONID is never used for Shibboleth.  Any use for which you 
employ it is going to be up to you and the container to handle.  Just be 
aware of that.
-- 
SWITCH
Serving Swiss Universities
--------------------------
Chad La Joie, Software Engineer, Net Services
Werdstrasse 2, P.O. Box, 8021 Zürich, Switzerland
phone +41 44 268 15 75, fax +41 44 268 15 68
chad....@switch.ch, http://www.switch.ch
Reply all
Reply to author
Forward
0 new messages