Uploaded image for project: 'WildFly'
  1. WildFly
  2. WFLY-15847

Digest mechanism needs sticky sessions

    XMLWordPrintable

Details

    • Bug
    • Resolution: Obsolete
    • Major
    • None
    • None
    • Web (Undertow)
    • None

    Description

      When the auth-method DIGEST is specified in the login-config section of the web.xml of an application, requests to this application do not get a session cookie in return until there is an authenticated session. In a load balanced environment, this becomes problematic as the response to the DIGEST challenge risks being sent to another node than the one that sent the challenge, which leads to authentication failure. This worked in EAP 6.3.1 after https://bugzilla.redhat.com/show_bug.cgi?id=1126490 so seems we have a similar issue to fix again here when moving to EAP 7/Wildfly.

      Attachments

        Issue Links

          is incorporated by

          Bug - A problem that impairs or prevents the functions of the product. JBEAP-25228 [GSS](8.0.z) Support HTTP Digest when fronted by load balancer

          • Critical - To be worked on immediately following BLOCKER issues.
          • New

          Bug - A problem that impairs or prevents the functions of the product. JBEAP-22980 [GSS](7.4.z) Support HTTP Digest when fronted by load balancer

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • New
          is related to

          Bug - A problem that impairs or prevents the functions of the product. UNDERTOW-2007 Digest mechanism needs sticky sessions

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Resolved

          Task - Represents a small unit of work that is not end-user facing. WFLY-15848 Remove the DigestAuthenticationMechanism from the Undertow subsystem

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed
          relates to

          Bug - A problem that impairs or prevents the functions of the product. ELY-2279 Digest mechanism needs sticky sessions

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Resolved

          Activity

            People

              flaviarnn Flavia Rainone
              rhn-support-aogburn Aaron Ogburn
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: