Problems Logging in to iChain 2.0
Novell Cool Solutions: Tip
Digg This -
Posted: 12 Nov 2001
Version: iChain 2.0
When attempting to login to the iChain 2.0 authentication page, some people are getting 403 errors, or find that takes a long time to complete. Here's what's happening, and how you can work around it. For more info, see TID 10065450
Layer 4 switches can be configured in many different ways, depending on brands and software. Common configurations are thread-based sessions and source IP address based sessions.
Many web based applications, and secure communication, require session continuity i.e. the communication must be maintained between the client and the origin server for the full secure session. HTTPS session communication usually requires several threads to be utilized during its establishment. During this establishment, a Layer 4 switch may change origin servers for load balancing; for each SYN SEQ, the Layer 4 switch configured for thread based load balancing, will determine if this new session should be directed to a new origin server. This will cause the client to try and complete the session establishment with a new server that has a different encryption key pair, and fail.
This is true in the case of iChain authentication. Load balancing and fault tolerance can be created using the IP address hashing that Layer 4 switches can perform. To maintain session "stickiness" during the establishment and cookie exchange during an iChain authentication session, the Layer 4 switches must be able to maintain the IP communication from the browser to the iChain server until the cookie and authentication ID has been established. The session broker functionality will then maintain authentication details between all iChain servers.
When using iChain 2.0 with a layer 4 switch and secure sessions, ensure the switch is configured to maintain sessions (also known as Server Load Balancing) based on source IP address not thread based.
Note: http://www.novell.com/info/ collateral/docs/4621207.01/4621207.pdf describes the use of Session Broker and layer 4 switching for load balancing and redundancy.
Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions. www.webwiseone.com