Question
Accenture Pte Ltd
SG
Last activity: 16 Nov 2023 2:46 EST
Does Pega require / work well with IBM WebSphere M2M Session Management?
Hi All,
1. Does anyone know if Pega require session replication in the cluster of app servers? e.g. Leveraging IBM WebSphere Memory-to-Memory (M2M) session replication?
2. Or best to leave it to no session replication on the cluster of app servers since Pega already have Passivation capability?
3. What if our pega instances have Passivation on as well as IBM WAS Memory to Memory session replication activated? What would be the behaviour?
Thanks
Accepted Solution
Accenture Pte Ltd
SG
Pega Support team has confirmed that the app server session replication is not supported by Pega (INC-A18968).
Proximus
BE
Hello,
We're on websphere and we don't use this setting and it works fine but lots of settings depends on technical & business requirements.
Websphere is deprecated from 8.7 so you should consider PEGA capacity as much as you can to be future proof and to avoid having to rework based on technology change.
Regards
Anthony
Accenture Pte Ltd
SG
Thanks for the response.
It can be switched off, however, what I am trying to find out, if when both handling user sesion mechanisms (IBM M2M and Pega Passivation) are on, will it work well without issue?
I am facing the following issue, when one login via SAML, in the process of validating SAML response, when JSESSIONID failovers, the user will be presented with Pega Login screen.
Below is the chronological sequence of events:
- User go to Node A
- Routed to ADFS
- Coming back from ADFS, user is routed to Node B
- SAML response validated successfully in Node B
- Node B detected same requestor ID found in Node A and trigger to destroy the requestor in Node A (look for requestor "HLXCXLCNWZSEF8C7E7Q552E8E77MY0R8NA")
- Node B then unable to detect the Auth Service to use (it’s blank)
- Node B presents Pega login screen.
Node B logs:
Thanks for the response.
It can be switched off, however, what I am trying to find out, if when both handling user sesion mechanisms (IBM M2M and Pega Passivation) are on, will it work well without issue?
I am facing the following issue, when one login via SAML, in the process of validating SAML response, when JSESSIONID failovers, the user will be presented with Pega Login screen.
Below is the chronological sequence of events:
- User go to Node A
- Routed to ADFS
- Coming back from ADFS, user is routed to Node B
- SAML response validated successfully in Node B
- Node B detected same requestor ID found in Node A and trigger to destroy the requestor in Node A (look for requestor "HLXCXLCNWZSEF8C7E7Q552E8E77MY0R8NA")
- Node B then unable to detect the Auth Service to use (it’s blank)
- Node B presents Pega login screen.
Node B logs:
2023-10-25 09:10:12,665 [ WebContainer : 4] [ ] [ ] [ ] (ngineinterface.service.HttpAPI) DEBUG xxxxx.fqdn.com - Requestor type not found from cookie so fetched requestor type from query map
2023-10-25 09:10:12,665 [ WebContainer : 4] [ ] [ ] [ ] (ngineinterface.service.HttpAPI) DEBUG xxxxx.fqdn.com - retrieving an active requestor using mRequestorId: HLXCXLCNWZSEF8C7E7Q552E8E77MY0R8NA
2023-10-25 09:10:14,134 [ WebContainer : 4] [ STANDARD] [ ] [ ] ( mgmt.base.NodeRequestorMgt) INFO xxxxx.fqdn.com - [Quiesce] Found requestor [HLXCXLCNWZSEF8C7E7Q552E8E77MY0R8NA] on remote node: b3d6639e-c509-441a-a4c4-b4f0fd9c9d1b
2023-10-25 09:10:14,181 [ WebContainer : 4] [ STANDARD] [ ] [ ] (ngineinterface.service.HttpAPI) DEBUG xxxxx.fqdn.com - getObfuscationKey(): Getting obfuscation key=null, for Requestor IdHD2HCPOTL6N71USHGII2RC6U42RYW00A0A
2023-10-25 09:10:14,181 [ WebContainer : 4] [ STANDARD] [ ] [ ] (ngineinterface.service.HttpAPI) DEBUG xxxxx.fqdn.com - Updated cookie path is /xxx/PRAuth/app/default/
2023-10-25 09:10:14,181 [ WebContainer : 4] [ STANDARD] [ ] [ PegaRULES:8] (ngineinterface.service.HttpAPI) DEBUG xxxxx.fqdn.com - [ Locale info for: STANDARD ]
2023-10-25 09:10:14,181 [ WebContainer : 4] [ STANDARD] [ ] [ PegaRULES:8] (ngineinterface.service.HttpAPI) DEBUG xxxxx.fqdn.com - LstReq: en_US
2023-10-25 09:10:14,181 [ WebContainer : 4] [ STANDARD] [ ] [ PegaRULES:8] (ngineinterface.service.HttpAPI) DEBUG xxxxx.fqdn.com - Specif: null
2023-10-25 09:10:14,181 [ WebContainer : 4] [ STANDARD] [ ] [ PegaRULES:8] (ngineinterface.service.HttpAPI) DEBUG xxxxx.fqdn.com - Client: en_US
2023-10-25 09:10:14,181 [ WebContainer : 4] [ STANDARD] [ ] [ PegaRULES:8] (ngineinterface.service.HttpAPI) DEBUG xxxxx.fqdn.com - Thread: en_US
2023-10-25 09:10:14,181 [ WebContainer : 4] [ STANDARD] [ ] [ PegaRULES:8] (ngineinterface.service.HttpAPI) DEBUG xxxxx.fqdn.com - [ Device info for: STANDARD ]
2023-10-25 09:10:14,181 [ WebContainer : 4] [ STANDARD] [ ] [ PegaRULES:8] (ngineinterface.service.HttpAPI) DEBUG xxxxx.fqdn.com - LstReq: null
2023-10-25 09:10:14,181 [ WebContainer : 4] [ STANDARD] [ ] [ PegaRULES:8] (ngineinterface.service.HttpAPI) DEBUG xxxxx.fqdn.com - Specif: null
2023-10-25 09:10:14,181 [ WebContainer : 4] [ STANDARD] [ ] [ PegaRULES:8] (ngineinterface.service.HttpAPI) DEBUG xxxxx.fqdn.com - Client: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/ Proprietary information hidden Safari/537.36 Edg/117.0.2045.55
2023-10-25 09:10:14,181 [ WebContainer : 4] [ STANDARD] [ ] [ PegaRULES:8] (ngineinterface.service.HttpAPI) DEBUG xxxxx.fqdn.com - Thread:
2023-10-25 09:10:14,181 [ WebContainer : 4] [ STANDARD] [ ] [ PegaRULES:8] (ngineinterface.service.HttpAPI) DEBUG xxxxx.fqdn.com - Password is not decoded
2023-10-25 09:10:14,181 [ WebContainer : 4] [ STANDARD] [ ] [ PegaRULES:8] (ngineinterface.service.HttpAPI) DEBUG xxxxx.fqdn.com - primary page name - pzPrimaryPageName null
2023-10-25 09:10:14,181 [ WebContainer : 4] [ STANDARD] [ ] [ PegaRULES:8] (ngineinterface.service.HttpAPI) DEBUG xxxxx.fqdn.com - primary page name - pzPrimaryPageName null
2023-10-25 09:10:14,181 [ WebContainer : 4] [ STANDARD] [ ] [ PegaRULES:8] (mt.authentication.SchemePRAuth) DEBUG xxxxx.fqdn.com - tenantid hash = shared
2023-10-25 09:10:14,181 [ WebContainer : 4] [ STANDARD] [ ] [ PegaRULES:8] (mt.authentication.SchemePRAuth) DEBUG xxxxx.fqdn.com - authServiceName =
2023-10-25 09:10:14,181 [ WebContainer : 4] [ STANDARD] [ ] [ PegaRULES:8] (mt.authentication.SchemePRAuth) DEBUG xxxxx.fqdn.com - mapKey = <<PRAuth: shared:PRAuth>>
2023-10-25 09:10:14,181 [ WebContainer : 4] [ STANDARD] [ ] [ PegaRULES:8] (mt.authentication.SchemePRAuth) DEBUG xxxxx.fqdn.com - Creating new SchemePRAuth instance for
2023-10-25 09:10:14,181 [ WebContainer : 4] [ STANDARD] [ ] [ PegaRULES:8] (mt.authentication.SchemePRAuth) DEBUG xxxxx.fqdn.com - Unable to open AuthService definition initializing SchemePRAuth with defaults
2023-10-25 09:10:14,181 [ WebContainer : 4] [ STANDARD] [ ] [ PegaRULES:8] (mt.authentication.SchemePRAuth) DEBUG xxxxx.fqdn.com - tenantid hash = shared
2023-10-25 09:10:14,181 [ WebContainer : 4] [ STANDARD] [ ] [ PegaRULES:8] (mt.authentication.SchemePRAuth) DEBUG xxxxx.fqdn.com - authServiceName =
2023-10-25 09:10:14,181 [ WebContainer : 4] [ STANDARD] [ ] [ PegaRULES:8] (mt.authentication.SchemePRAuth) DEBUG xxxxx.fqdn.com - mapKey = <<PRAuth: shared:PRAuth>>
2023-10-25 09:10:14,181 [ WebContainer : 4] [ STANDARD] [ ] [ PegaRULES:8] (mt.authentication.SchemePRAuth) DEBUG xxxxx.fqdn.com - Creating new SchemePRAuth instance for
2023-10-25 09:10:14,181 [ WebContainer : 4] [ STANDARD] [ ] [ PegaRULES:8] (mt.authentication.SchemePRAuth) DEBUG xxxxx.fqdn.com - Unable to open AuthService definition initializing SchemePRAuth with defaults
2023-10-25 09:10:14,181 [ WebContainer : 4] [ STANDARD] [ ] [ PegaRULES:8] (ngineinterface.service.HttpAPI) DEBUG xxxxx.fqdn.com - Stream name identified in input map : null
2023-10-25 09:10:14,181 [ WebContainer : 4] [ STANDARD] [ ] [ PegaRULES:8] (ngineinterface.service.HttpAPI) INFO xxxxx.fqdn.com - Input activity param sent is NULL.
2023-10-25 09:10:14,181 [ WebContainer : 4] [ STANDARD] [ ] [ PegaRULES:8] (ngineinterface.service.HttpAPI) DEBUG xxxxx.fqdn.com - --- Settings to be considered before performing authentication---
2023-10-25 09:10:14,181 [ WebContainer : 4] [ STANDARD] [ ] [ PegaRULES:8] (ngineinterface.service.HttpAPI) DEBUG xxxxx.fqdn.com - sAuthFlag : null
2023-10-25 09:10:14,181 [ WebContainer : 4] [ STANDARD] [ ] [ PegaRULES:8] (ngineinterface.service.HttpAPI) DEBUG xxxxx.fqdn.com - is snapstart case :false
2023-10-25 09:10:14,181 [ WebContainer : 4] [ STANDARD] [ ] [ PegaRULES:8] (ngineinterface.service.HttpAPI) DEBUG xxxxx.fqdn.com - Is authentication required : false
2023-10-25 09:10:14,181 [ WebContainer : 4] [ STANDARD] [ ] [ PegaRULES:8] (mt.authentication.SchemePRAuth) DEBUG xxxxx.fqdn.com - New context is created while executing pre auth
2023-10-25 09:10:14,181 [ WebContainer : 4] [ STANDARD] [ ] [ PegaRULES:8] (mt.authentication.SchemePRAuth) DEBUG xxxxx.fqdn.com - Fetching Platform Authentication instance
2023-10-25 09:10:14,181 [ WebContainer : 4] [ STANDARD] [ ] [ PegaRULES:8] (mt.authentication.SchemePRAuth) DEBUG xxxxx.fqdn.com - Show pre login screen for user to select auth service
2023-10-25 09:10:14,181 [ WebContainer : 4] [ STANDARD] [ ] [ PegaRULES:8] (mt.authentication.SchemePRAuth) DEBUG xxxxx.fqdn.com - Poping New context created after execution of pre auth
Node A logs:
2023-10-25 09:10:14,153 [otejob-executor-3053] [ STANDARD] [ ] [ ] ( internal.mgmt.PRRequestorImpl) INFO - [QuiescePassivation] forcePassivateInner: passivated or destroyed requestor [HLXCXLCNWZSEF8C7E7Q552E8E77MY0R8NA]
Proximus
BE
Hello,
Tricky since we don't use same authentication process. We use SSO and for this, since user doesn't really need to authenticate on its own he enters immediately PEGA application and then it's up to passivation.
But you'll retrieve all from PEGA itself, I'm not sure to see how M2M will intervene to help here.
Well, maybe a last check to be done is your default access group for Portal/Browser. If it's PRPC unauthenticated then by default you won't be able to directly re-access your application. You need to make one application specific or it won't work.
If this doesn't work neither then I'll have got to admit that I'm clueless for this point and that you'll need someone else view :-)
Regards
Anthony