Session affinity is not working the IHS and MFP V7 running on Liberty

Question

I have two MFP v7 Servers running on Liberty Profile 8.5.5.3 and if I access the console via an HTTP Server (IHS), I always get the login screen even after a successful authentication.

I see this lines in the server logs:

[4/21/15 13:25:41:704 CDT] 000000a2 com.ibm.ws.security.token.internal.TokenManagerImpl I CWWKS4001E: The security token cannot be validated. This can be for the following reasons 1. The security token was generated on another server using different keys. 2. The token configuration or the security keys of the token service which created the token has been changed. 3. The token service which created the token is no longer available.

The plugin is expecting the JSESSIONID cookie to set the affinity, but it seems the cookie is never generated by the server.

I can get into the console if I set the same ltpa tokens on both servers, but that does not solve the original problem, which is that the affinity is not working.

Answer 1

Normal. The affinity is not working since there is no session affinity.

The MFP console doesn't create sessions because there is no need to keep information in session and so there is no session affinity and no JSESSIONID cookies. Every server can process every request even if the previous request was not processed by this server.

So for example the console can run on server and invoke a service that will run on another server.

All this means that for the console SSO is required. So you need to have the same LTPA keys on all servers.