Uploaded image for project: 'PUBLIC - Liferay Portal Community Edition'
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-124963

OpenID Connect breaks session replication

    Details

      Description

      Steps to reproduce - environment setup

      1. Configure Liferay cluster with two tomcat nodes.
      2. Edit $TOMCAT_HOME/conf/server.xml of each node and configure the HTTP ports to "8080" and "8180", the shutdown ports to 8005 and 8105
      3. Activate session replication at tomcat level:
        1. Edit $TOMCAT_HOME/conf/server.xml of each node and inside Engine tag, add following text:
          <Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/>
          
        1. Edit $TOMCAT_HOME/conf/context.xml of each node and inside Context tag, add following text:
              <Manager className="org.apache.catalina.ha.session.DeltaManager"
                       expireSessionsOnShutdown="false"
                       notifyListenersOnReplication="true"/>
          
        1. Edit $TOMCAT_HOME/webapps/ROOT/WEB-INF/web.xml and immediately following the <web-app> tag (inside the tag), add the tag <distributable />
      1. Edit $TOMCAT_HOME/conf/logging.properties and add the following lines.
        ############################################################
        # Custom properties to test session replication.
        # Coming from: https://docs.bmc.com/docs/ars1805/enabling-logging-804712615.html
        ############################################################
        
        5cluster.org.apache.juli.FileHandler.level = INFO
        5cluster.org.apache.juli.FileHandler.directory = ${catalina.base}/logs
        5cluster.org.apache.juli.FileHandler.prefix = cluster.
        
        6cluster.org.apache.juli.FileHandler.level = INFO
        6cluster.org.apache.juli.FileHandler.directory = ${catalina.base}/logs
        6cluster.org.apache.juli.FileHandler.prefix = ha.
        
        org.apache.catalina.tribes.MESSAGES.level = INFO
        org.apache.catalina.tribes.MESSAGES.handlers = 5cluster.org.apache.juli.FileHandler
        
        org.apache.catalina.tribes.level = INFO
        org.apache.catalina.tribes.handlers = 5cluster.org.apache.juli.FileHandler
        
        org.apache.catalina.ha.level = INFO
        org.apache.catalina.ha.handlers = 6cluster.org.apache.juli.FileHandler
        
      1. Also add cluster.org.apache.juli.FileHandler to handlers section at the beggining of the file.
        handlers = 1catalina.org.apache.juli.AsyncFileHandler, 2localhost.org.apache.juli.AsyncFileHandler, 3manager.org.apache.juli.AsyncFileHandler, 4host-manager.org.apache.juli.AsyncFileHandler, java.util.logging.ConsoleHandler, 5cluster.org.apache.juli.FileHandler, 6cluster.org.apache.juli.FileHandler
        
        .handlers = 1catalina.org.apache.juli.AsyncFileHandler, java.util.logging.ConsoleHandler, 5cluster.org.apache.juli.FileHandler
        
      1. Configure the portal nodes with remote Elasticsearch by creating an com.liferay.portal.search.elasticsearch7.configuration.ElasticsearchConfiguration file in LIFERA_HOME/osgi/configs with content:
        operationMode="REMOTE"
        
      1. Set the following in portal-ext.properties on each node:
        cluster.link.enabled=true
        web.server.display.node=true
        

      Steps to reproduce

      1. Start Elasticsearch
      2. Start first tomcat node and wait until startup finish
      3. Start second tomcat node and wait until startup finish
      4. Enable OpenID Connect authentication
      5. Login via OpenID Connect: Click Sign In > OpenID Connect > Choose you OpenID provider and click Sign In
      6. Check ha.2021-xx-xx.log of both nodes:
        Expected: No error is logged
        Actual: On the node when login happens the following is logged:
        19-Jan-2021 14:39:37.583 SEVERE [ajp-nio-0.0.0.0-9009-exec-4] org.apache.catalina.ha.session.DeltaManager.requestCompleted Unable to serialize delta request for sessionid [45EA5DFE8296CB9176A4A36F4DD09689.worker2]
        	java.io.NotSerializableException: com.nimbusds.openid.connect.sdk.claims.UserInfo
        		at java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1184)
        		at java.io.ObjectOutputStream.defaultWriteFields(ObjectOutputStream.java:1548)
        		at java.io.ObjectOutputStream.writeSerialData(ObjectOutputStream.java:1509)
        		at java.io.ObjectOutputStream.writeOrdinaryObject(ObjectOutputStream.java:1432)
        		at java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1178)
        		at java.io.ObjectOutputStream.writeObject(ObjectOutputStream.java:348)
        		at org.apache.catalina.ha.session.DeltaRequest$AttributeInfo.writeExternal(DeltaRequest.java:398)
        		at org.apache.catalina.ha.session.DeltaRequest.writeExternal(DeltaRequest.java:291)
        		at org.apache.catalina.ha.session.DeltaRequest.serialize(DeltaRequest.java:305)
        		at org.apache.catalina.ha.session.DeltaSession.getDiff(DeltaSession.java:169)
        		at org.apache.catalina.ha.session.DeltaManager.requestCompleted(DeltaManager.java:998)
        		at org.apache.catalina.ha.session.DeltaManager.requestCompleted(DeltaManager.java:966)
        		at org.apache.catalina.ha.tcp.ReplicationValve.send(ReplicationValve.java:530)
        		at org.apache.catalina.ha.tcp.ReplicationValve.sendMessage(ReplicationValve.java:518)
        		at org.apache.catalina.ha.tcp.ReplicationValve.sendSessionReplicationMessage(ReplicationValve.java:500)
        		at org.apache.catalina.ha.tcp.ReplicationValve.sendReplicationMessage(ReplicationValve.java:412)
        		at org.apache.catalina.ha.tcp.ReplicationValve.invoke(ReplicationValve.java:341)
        		at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
        		at org.apache.coyote.ajp.AjpProcessor.service(AjpProcessor.java:431)
        		at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
        		at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:868)
        		at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1589)
        		at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
        		at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
        		at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
        		at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
        		at java.lang.Thread.run(Thread.java:748)
        

        On the other node, where the session is replicated to, the following is logged:

        19-Jan-2021 14:39:11.389 SEVERE [Tribes-Task-Receiver[Catalina-Channel]-3] org.apache.catalina.ha.session.DeltaManager.messageReceived Manager [localhost#]: Unable to receive message through TCP channel
        	java.lang.ClassNotFoundException: com.liferay.portal.security.sso.openid.connect.internal.OpenIdConnectSessionImpl
        		at java.net.URLClassLoader.findClass(URLClassLoader.java:381)
        		at java.lang.ClassLoader.loadClass(ClassLoader.java:424)
        		at java.lang.ClassLoader.loadClass(ClassLoader.java:357)
        		at java.lang.Class.forName0(Native Method)
        		at java.lang.Class.forName(Class.java:348)
        		at java.io.ObjectInputStream.resolveClass(ObjectInputStream.java:686)
        		at org.apache.catalina.tribes.io.ReplicationStream.resolveClass(ReplicationStream.java:79)
        		at java.io.ObjectInputStream.readNonProxyDesc(ObjectInputStream.java:1868)
        		at java.io.ObjectInputStream.readClassDesc(ObjectInputStream.java:1751)
        		at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:2042)
        		at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1573)
        		at java.io.ObjectInputStream.readObject(ObjectInputStream.java:431)
        		at org.apache.catalina.ha.session.DeltaRequest$AttributeInfo.readExternal(DeltaRequest.java:384)
        		at org.apache.catalina.ha.session.DeltaRequest.readExternal(DeltaRequest.java:274)
        		at org.apache.catalina.ha.session.DeltaSession.deserializeAndExecuteDeltaRequest(DeltaSession.java:703)
        		at org.apache.catalina.ha.session.DeltaManager.handleSESSION_DELTA(DeltaManager.java:1261)
        		at org.apache.catalina.ha.session.DeltaManager.messageReceived(DeltaManager.java:1201)
        		at org.apache.catalina.ha.session.DeltaManager.messageDataReceived(DeltaManager.java:949)
        		at org.apache.catalina.ha.session.ClusterSessionListener.messageReceived(ClusterSessionListener.java:77)
        		at org.apache.catalina.ha.tcp.SimpleTcpCluster.messageReceived(SimpleTcpCluster.java:788)
        		at org.apache.catalina.ha.tcp.SimpleTcpCluster.messageReceived(SimpleTcpCluster.java:771)
        		at org.apache.catalina.tribes.group.GroupChannel.messageReceived(GroupChannel.java:335)
        		at org.apache.catalina.tribes.group.ChannelInterceptorBase.messageReceived(ChannelInterceptorBase.java:91)
        		at org.apache.catalina.tribes.group.interceptors.TcpFailureDetector.messageReceived(TcpFailureDetector.java:117)
        		at org.apache.catalina.tribes.group.ChannelInterceptorBase.messageReceived(ChannelInterceptorBase.java:91)
        		at org.apache.catalina.tribes.group.ChannelInterceptorBase.messageReceived(ChannelInterceptorBase.java:91)
        		at org.apache.catalina.tribes.group.ChannelCoordinator.messageReceived(ChannelCoordinator.java:274)
        		at org.apache.catalina.tribes.transport.ReceiverBase.messageDataReceived(ReceiverBase.java:261)
        		at org.apache.catalina.tribes.transport.nio.NioReplicationTask.drainChannel(NioReplicationTask.java:216)
        		at org.apache.catalina.tribes.transport.nio.NioReplicationTask.run(NioReplicationTask.java:101)
        		at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
        		at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
        		at java.lang.Thread.run(Thread.java:748)
        

        Attachments

          Activity

            People

            Assignee:
            gabor.lovas Gábor Lovas
            Reporter:
            istvan.sajtos Istvan Sajtos
            Participants of an Issue:
            Recent user:
            Sophia Zhang
            Engineering Assignee:
            Stian Sigvartsen
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:
              Days since last comment:
              40 weeks, 5 days ago

                Packages

                Version Package
                7.1.10 DXP FP25
                7.1.X
                7.2.10 DXP FP11
                7.2.10.4 DXP SP4
                7.2.X
                7.3.10 DXP FP1
                7.3.10.1 DXP SP1
                7.3.6 CE GA7
                7.3.7 CE GA8
                7.3.X
                7.4.1 CE GA2 DXP 7,4
                7.4.13 DXP GA1
                Master