Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-6994

WPA 4: url validator fail-back to the primary AM after fail-over although the primary AM is still down

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: Agents-4.0.0
    • Fix Version/s: Agents-4.0.0, Agents-5.0
    • Component/s: web agents
    • Labels:
    • Environment:
      OpenAM Web Agent for Apache Server 2.4.x
       Version: 4.0.0-SNAPSHOT
       Revision: 15975
       Build machine: delacroix
       Build date: Sep 30 2015 02:47:22
    • Sprint:
      Sprint 95 - Team Curie

      Description

      Url validator fail-back to the primary AM after fail-over although the primary AM is still down.

      STEPS TO REPRODUCE:
      1.) Configure 2 AMs which knows each other
      2.) Create an agent profile and set properties:

      <AGENT PROFILE> / OpenAM services / OpenAM Login URL:
      
          https://perf-openam.internal.forgerock.com:8443/openam/UI/Login
          https://perf-openam2.internal.forgerock.com:8443/openam/UI/Login
      
      <AGENT PROFILE> / OpenAM services / OpenAM Logout URL:
      
          https://perf-openam.internal.forgerock.com:8443/openam/UI/Logout
          https://perf-openam2.internal.forgerock.com:8443/openam/UI/Logout
      
      <AGENT PROFILE> / SSO / CDSSO Servlet URL:
      
          https://perf-openam.internal.forgerock.com:8443/openam/cdcservlet
          https://perf-openam2.internal.forgerock.com:8443/openam/cdcservlet
      

      3.) Install policy agent and configure PA (/apache24_agent/instances/agent_1/conf/agent.conf)

      com.sun.identity.agents.config.naming.url = https://perf-openam.internal.forgerock.com:8443/openam https://perf-openam2.internal.forgerock.com:8443/openam
      com.sun.identity.agents.config.connect.timeout = 4000
      com.sun.identity.agents.config.debug.level = info
      
      com.forgerock.agents.ext.url.validation.default.url.set = 0,1
      com.forgerock.agents.ext.url.validation.level = 1
      com.forgerock.agents.ext.url.validation.ping.interval = 5
      com.forgerock.agents.ext.url.validation.ping.miss.count = 3
      com.forgerock.agents.ext.url.validation.ping.ok.count = 3
      

      4.) Start agent and hit the protected page
      5.) Observe the agent debug log:
      6.) Turn off primary AM (perf-openam in my case)
      Expected result:
      After 3 invalid hits of AM1 agent fail-over to AM2 and stayed there until will agent do 3 valid pings to AM1, then will be fail-back

      Observed result:
      PA after 3 invalid pings to AM1 do a fail-over to AM2(expected), but in the next ping is agent fail-back to primary AM although AM1 is still down.

      PA debug log (info level):

      2015-09-30 11:08:10.097 +0100 INFO [0x7f7bc736c700:6358] url_validator_worker(): continue with https://perf-openam.internal.forgerock.com:8443/openam
      2015-09-30 11:08:20.100 +0100 INFO [0x7f7bc736c700:6358] url_validator_worker(): continue with https://perf-openam.internal.forgerock.com:8443/openam
      2015-09-30 11:08:30.095 +0100 INFO [0x7f7bc736c700:6358] url_validator_worker(): continue with https://perf-openam.internal.forgerock.com:8443/openam
      2015-09-30 11:08:39.839 +0100 ERROR [0x7f7bc6b6b700:6358] net_error(source/net_client.c:491): Connection refused (111)
      2015-09-30 11:08:39.973 +0100 INFO [0x7f7bc736c700:6358] url_validator_worker(): still staying with https://perf-openam.internal.forgerock.com:8443/openam
      2015-09-30 11:08:44.844 +0100 ERROR [0x7f7bc7b6d700:6358] net_error(source/net_client.c:491): Connection refused (111)
      2015-09-30 11:08:44.977 +0100 INFO [0x7f7bc736c700:6358] url_validator_worker(): still staying with https://perf-openam.internal.forgerock.com:8443/openam
      2015-09-30 11:08:49.839 +0100 ERROR [0x7f7bc6b6b700:6358] net_error(source/net_client.c:491): Connection refused (111)
      2015-09-30 11:08:49.963 +0100 INFO [0x7f7bc736c700:6358] url_validator_worker(): still staying with https://perf-openam.internal.forgerock.com:8443/openam
      2015-09-30 11:08:54.839 +0100 ERROR [0x7f7bc6b6b700:6358] net_error(source/net_client.c:491): Connection refused (111)
      2015-09-30 11:08:54.964 +0100 INFO [0x7f7bc736c700:6358] url_validator_worker(): fail-over to https://perf-openam2.internal.forgerock.com:8443/openam
      2015-09-30 11:08:59.839 +0100 ERROR [0x7f7bc7b6d700:6358] net_error(source/net_client.c:491): Connection refused (111)
      2015-09-30 11:08:59.964 +0100 INFO [0x7f7bc736c700:6358] url_validator_worker(): fail-back to https://perf-openam.internal.forgerock.com:8443/openam
      2015-09-30 11:09:04.838 +0100 ERROR [0x7f7bc6b6b700:6358] net_error(source/net_client.c:491): Connection refused (111)
      2015-09-30 11:09:04.973 +0100 INFO [0x7f7bc736c700:6358] url_validator_worker(): fail-over to https://perf-openam2.internal.forgerock.com:8443/openam
      2015-09-30 11:09:09.839 +0100 ERROR [0x7f7bc7b6d700:6358] net_error(source/net_client.c:491): Connection refused (111)
      2015-09-30 11:09:09.967 +0100 INFO [0x7f7bc736c700:6358] url_validator_worker(): fail-back to https://perf-openam.internal.forgerock.com:8443/openam
      2015-09-30 11:09:14.839 +0100 ERROR [0x7f7bc6b6b700:6358] net_error(source/net_client.c:491): Connection refused (111)
      

        Attachments

          Activity

            People

            • Assignee:
              mareks Mareks Malnacs
              Reporter:
              richard.hruza Richard Hruza
              QA Assignee:
              Richard Hruza
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: