Loading...

XML

Word

Printable

Type: Bug
Resolution: Unresolved
Priority: Major
Fix Version/s: 7.4.18.GA
Affects Version/s: 7.4.3.GA
Component/s: Clustering, Security, Undertow
Labels:
- upstream-linked

Blocked:
False
Ready:
False
CDW devel_ack:
CDW docs_ack:
CDW pm_ack:
CDW qa_ack:
CDW release:
Target Release:

7.4.z.GA
Market:

SFDC Cases Counter:
SFDC Cases Links:

When the auth-method DIGEST is specified in the login-config section of the web.xml of an application, requests to this application do not get a session cookie in return until there is an authenticated session. In a load balanced environment, this becomes problematic as the response to the DIGEST challenge risks being sent to another node than the one that sent the challenge, which leads to authentication failure. This worked in EAP 6.3.1 after https://bugzilla.redhat.com/show_bug.cgi?id=1126490 so seems we have a similar issue to fix again here when moving to EAP 7/Wildfly.

incorporates

ELY-2279 Digest mechanism needs sticky sessions

Resolved

UNDERTOW-2007 Digest mechanism needs sticky sessions

Resolved

WFLY-15847 Digest mechanism needs sticky sessions

Resolved

is cloned by

JBEAP-25228 [GSS](8.0.z) Support HTTP Digest when fronted by load balancer

relates to

JBEAP-23045 (7.4.z) Upgrade Undertow from 2.2.13.SP2-redhat-00001 to 2.2.16.Final-redhat-0001

Closed

links to

KCS

(1 links to)

Assignee:: Diana Krepinska

Reporter:: Aaron Ogburn

Votes:: 0 Vote for this issue

Watchers:: 15 Start watching this issue

Created:: 2021/12/16 10:47 PM

Updated:: 2024/04/12 8:31 AM

Details

Description

Attachments

Issue Links

Activity

People

Dates