Weblogic Server contains NONE value during session ID generation - weblogic12c

We have setup weblogic 12.2.1.4 clustered environment with 2 nodes in a cluster. We use session ID as part of authentication mechanism to log our user session info to the database. When both managed servers are up, the server generates this session ID:
MrvgJEMe6NG95XNsflnhsWjspl52GXPdl33whbIfGkgaEQm7Rk0X!1974917613!-533469515!1605782630842
When we tried to test session replication, by bringing down the server that currently serves the HTTP request, we have noticed that the session ID has changed and contains NONE as part of the generated ID.
MrvgJEMe6NG95XNsflnhsWjspl52GXPdl33whbIfGkgaEQm7Rk0X!1974917613!NONE!1605782630842
This has caused session replication inconsistency. Has anyone encountered the same issue and how did you resolve it? Your inputs are highly appreciated.
Thank you in advance for the help.

Enable the Debug Flags to Track Session Replication Failures
To gather more logging information about session replication failures, you should enable the flags DebugCluster, DebugClusterAnnouncements, DebugFailOver, DebugReplication, and DebugReplicationDetails.
To Enable:
In WebLogic Server 9.x and higher, the reccommended approach is to use the admin console. For each server in the domain, navigate to Servers -> -> Debug and enable the desired flag(s).
You can use the weblogic.Admin command line utility to dynamically turn the debug options on and off.
For example, to turn on DebugCluster on all administration instances of ServerDebug Mbean (i.e., Admin Server or a Managed Server):
java weblogic.Admin -url t3://localhost:7001 -username system -password weblogic SET -type ServerDebug -property DebugCluster true
Alternatively, you can edit the config.xml and the Mbean element in the stanza for each server that you want to debug and set the value to "true" to enable or "false" to disable. Then you must restart the Admin Server. Managed Servers will reconnect to the Admin Server and the debug flags will then dynamically take effect. Example:
At the end, with all the flags set, in your config.xml the ServerDebug tag would like below:
Make sure the stdOutSeverity level of the server is INFO and StdoutDebugEnabled is set to "true". The debug information will be logged into the server log as well as to the standard out.
Validate the Weblogic.xml entries
Make sure weblogic.xml has all the parameters that need to be set for each Session Replication type. For example, when using in-memory replication the sample weblogic.xml would look like:

Related

Keycloak development instance: broken authentication configuration

I'm running a local h2 based development instance of keycloak (quarks one). I've been trying to add another custom means of login and I seem to have broken it.
I've changed the First Broker Login Flow and disabled the Review Profile(review profile config). I cannot login anymore. I get his error in the keycloak instance console when going into the login screen:
WARN [org.keycloak.authentication.DefaultAuthenticationFlow] (executor-thread-12) REQUIRED and ALTERNATIVE elements at same level! Those alternative executions will be ignored: [auth-cookie, null]
2022-09-25 10:50:38,131 WARN [org.keycloak.services] (executor-thread-12) KC-SERVICES0013: Failed authentication: org.keycloak.authentication.AuthenticationFlowException
Is there a way to revert this change through some config file / h2? Or do I just have to delete keycloak and start from scratch?
Thanks in advance
You can delete h2 related files from data/h2 directory. Though you will lose the configuration which you have done.

How to configure Mongodb MMS to go via a Proxy?

How to I change the monitoring-agent.config to go out via proxy with authentication?
The change log states...
Monitoring Agent 2.3.1.89-1
Released 2014-07-08
Added support for HTTP proxy configuration in the agent configuration file.
But I can't see how to do this.
Following wdberkeley's link I can add this value to the monitoring-agent.config file.
httpProxy=http://"pxproxy01":3128
But this gives..
Failure getting conf. Op: Get Err: Proxy Authentication Required
Is there anyway to set the authentication user/password ?
Edit file:
C:\MMSData\Monitoring\monitoring-agent.config
Add line...
httpProxy=http://<insert_server_address>:<insert_port>
e.g.
httpProxy=http://PROXY01.server.com:3128
Then get the proxy control team, who ever they be, to exclude the following from requiring authentication.
https://mms.mongodb.com 80
https://mms.mongodb.com 443
This has worked for me. I now have the MMS Agent on Windows sending stat's to the MMS service.
Thanks to #wdberkeley for starting me off on this route.
wdberkeley, the page you linked to does not exist & the classic page PDF & HTTP versions state 'HTTP_PROXY' not 'httpproxy' (on OSx section & tar.gz section), section '6.6 Monitoring Agent Configuration' does state the correct property name 'httpproxy'.

Jboss domain mode Order of precedence of configuration elements

From my understanding of domain mode operations is the following:
Host level: configuration will apply to all servers that are defined in host-slave.xml
Server group level: configuration applies to all servers that are part of the group
I'm using Jboss in domain mode, all slave machines startup pointing to the domain master and includes host-slave.xml, from Jboss admin portal, I have created number of groups, and I have assigned slaves to groups accordingly, however every time I restart jboss on any of the slaves, it comes back pointing to default server groups
<server name="server-one" group="main-server-group"/>
<server name="server-two" group="other-server-group">
And I have to go to that server and change the group, I have tried modifying group portion in host-slave.xml to correspond to the group I would like them to be part of, however I'm getting exceptions when starting up the server.
What am I missing here? is there is a way to have group level config override settings defined by host-slave.xml
Add <server name="server-one" group="main-server-group"/>
<server name="server-two" group="other-server-group">them in the host.xml and start them it should reflect. While start up it checks for host.xml.

How to start Weblogic admin server

when I am starting WebLogic admin server with local host:port no/console I am getting the following error:
Console/Management requests or requests with <require-admin-traffic> specified to 'true' can only be made through an administration channel.
How to overcome this error?
You can manualy change your config.xml, find the <require-admin-traffic> element and change it's value to false.
This is because the option administration-port-enabled is set to true in config.xml
(available under ../MW_HOME/user_projects/domains/config)
<administration-port-enabled>false</administration-port-enabled>
Perfect. Or you can use the administration port you entered when configuring the server to use the admin server, which will be different from the default one. The default one 7001, the default for the admin server is 9002 and you can only access it via https.
Not downvoting the answer as it is accepted and maybe useful for users which can't recover their admin port, but this is obviously not best practise.
Once you open config.xml under the folder ../config,
change this row from 'true' to 'false':
true
It should then be ok.
Skender Kollcaku
You are most probably trying to use the administration console on the application port. You need the administration port.
Go to your domain directories (ex. /opt/weblogic/domains/mydomain)
Go into sub-directory config
Run grep "administration-port" config.xml
This will give you a port number, like: <administration-port>12345</administration-port>
Use that port to connect to /console/.
ex: https://YOUR-SERVER:12345/console/
This is much preferable to using the application port for the console, like #Peter pointed out.

Using multiple keytabs in Kerberos JGSS without using JAAS .conf file

I want to use multiple keytabs in multiple server threads. I don't want to use JAAS conf file so i implemented my own login configuration in LoginConfiguration class. The getGSSCredentials() function in KerberosLogin class is used to get the Credentials by giving keytab location as parameter.
KerberosLogin -> http://ideone.com/vaip3H
LoginConfiguration -> http://ideone.com/jDqlN0
When i ran only two server threads, first one was able to get the credentials from its keytab ( both the server threads use different service principal ) while second one failed. Somehow using parms.put("refreshKrb5Config","true"); in LoginConfiguration solved the problem.
I am not able to understand why it's not working without refreshing the configuration and for cases in which there will be several such server threads will it be safe to use. Is there any better way to use multiple keytabs ?
It was due to the way java6 handles login config, it has been fixed in java7.