Authentication failed intermitently appears for users in D2 4.1 with OAM SSO

Nagaraj_M

Hi All,
We have a D2 4.1 setup running using 6.7 CS.
D2 uses Oracle Access manager for its SSO.
But we have been seeing authentication failed pop up appearing intermittently for couple of user ids but the rest of the Ids works fine.
On checking D2.log I see both authentication success and failure info for the ids.
Also "Session timeout" appears very intermittently.

Nagaraj_M

Issue seems to appear on a Load balanced environment alone and on Dev which is not load balanced we see it to be working as expected.

DCTM_Guru

Do you have your load balancer configured with sticky sessions? If your user is routed to a different server, then the authentication token created for that session will no longer be valid.

Nagaraj_M

Hi Johnny, Thanks for your response.
In our QA setup we had the load balancing of D2 application server happening from OAM servers which have been provided with Cookie Persistence option which solved the issue for few days.

But now again with the same configuration we see the below issue where in we see below error for Authentication failure (but No Authentication exceptions on Docbase logs, D2 logs or on OAM logs):
Below logs are from D2 Webservice logs:
[ERROR] - c.e.x.p.s.s.l.RpcLoginServiceImpl[ ] : Exception while setting sso context com.emc.x3.client.common.exceptions.X3MissingContextException: Missing context(s) from session, re-connection required at com.emc.x3.server.context.ContextManager.getContext(ContextManager.java:88) [X3-Common-4.1.0.jar:na] at com.emc.x3.server.GuiceRemoteServiceServlet.getContext(GuiceRemoteServiceServlet.java:196) [X3-Common-4.1.0.jar:na] at com.emc.x3.portal.server.service.login.RpcLoginServiceImpl.initContext(RpcLoginServiceImpl.java:110) [RpcLoginServiceImpl.class:na] at sun.reflect.GeneratedMethodAccessor199.invoke(Unknown Source) [na:na] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) [na:1.6.0_24] at java.lang.reflect.Method.invoke(Method.java:597) [na:1.6.0_24] at com.google.gwt.user.server.rpc.RPC.invokeAndEncodeResponse(RPC.java:569) [gwt-servlet.jar:na] at com.emc.x3.server.GuiceRemoteServiceServlet.processCall(GuiceRemoteServiceServlet.java:105) [X3-Common-4.1.0.jar:na]

"Session lost due to timeout" Pop up with the below error:
SEVERE: Error while restoring previous Session
com.emc.x3.client.common.exceptions.X3MissingContextException: Missing context(s) from session, re-connection required

Current setup uses Weblogic server as the application server.

DCTM_Guru

This looks like inner workings of SSO. You will have to submit a ticket with OpenText. FYI - I have had customers requesting timeout in Docoumentum to be set to 8 hrs to eliminate these kind of issues since they didn't have SSO. You might want to bump up the timeout in the meantime.