CPIPxperts:
We are having a few problems with our Luminis 3.3.3 installation and CPIPs:
#1 --
After installing L3.3.3, during a CPIP class (we've built pickup response, but have not had success with pickup.html with L3.1, from the last class, it became apparent several things were overlooked in the first CPIP class we had) we ran into a bug in the CPIP framework that torpedoed pickup html CPIPs. A patch was applied by SCT support (from Luminis development), but didn't fix the problem. From scanning some previous notes on LDN, it seems other sites can do pickup html CPIPs. Has anyone run into a bug in 333 CPIP framework besides us ?
#2 --
Is anyone running BB (we are at BB7.1) in a load balanced configuration ? And if so, have you gotten a pickup html CPIP to function correctly ? We had a BB pickup html cpip coded for us by SCT, running under Luminis 3.1, that worked. Once our site load balanced BB, the CPIP stopped working.
Thank you.
-Gerry
BB 7 load balanced
Hi,
we've got BB7 load balanced. BUT our setup might be different from yours. Our Network Load Balancer switch is set up to use its own cookie to determine where to route a user's session - so the pickup scripts need to rewrite this cookie too. One typical symptom is that without the NLB cookie SSO works 50% of the time (when you get lucky and the Luminis CPIP signs on to the same machine the browser goes to the pickup script for).
rich
BB 7 Load Balanced
Rich:
Thank you for the information. Our BB servers are load balanced by an F5 switch (from Big IP). If I'm not mistaken, it works very much like you described with your NLB, using a cookie to do session work.
Are you at Luminis 3.3.3 ?
And again, thank you for sharing your expertise with us.
-Gerry
Luminis version
Hi,
no we're Luminis 3.3.1.61
rich
BB7.1, Luminis3.3.3 And PickUp.HTML CPIP
Rich:
Thank you for the information ! We're still waiting for further news/patches from Luminis development.
-Gerry
BB71
Hi Gerry:
Did you have any further luck with this issue? We too are running BB71 in a load balanced configuration (behind a Cisco content switch), and under 3.3.3 we experienced the same problems.
Our temporary (and distinctly unsatisfactory) solution is to pin the SSO authentication attempt to a single server using the IP address of one of the BB machines (in our hosts file) - which defeats the load balancer totally but at least allows our pilot users to single sign on to BB. However, this cannot in any way be thought of as a production solution!!
Cheers
Tony
Hi - Just wondering if you
Hi -
Just wondering if you have heard anything new regarding the load balanced version. We use two front ends and two backends for our configuration.
Regards,
Scottie
Outlook load balanced
Hi,
We have Outlook load balanced using NLB. Ours is not a cookie, but an IP hash. This works 50% of the time (when you choose the right IP to log on from).
We successfully used pickup.html under III.3.3 but not when combined with a load balancer on the ExternalSystem. It appears like the problem is not possible to solve (neatly). Let me try and describe two scenarios - one with IP hashing, and the other with cookie persistence.
1) GCF server acts as client and successfully logs in to Outlook
2) NLB chooses a different back end for Outlook, and so browser does not have a valid log on to Outlook
Solution? Use a separate connector to "pickup" the browser's IP and then use a proxy(?) to spoof a client IP so that NLB selects the same Outlook to log into for GCF as the browser will be redirected to.
1) Netscaler sets a session domain cookie on GCF server
2) GCF server logs in to ES
3) GCF tells browser to pickup pickup.html
4) Netscaler sets a session domain cookie on client browser, which directs to the other backend instance of the ES
5) pickup.html cannot overwrite the cookie as it is still valid
Solution 1? Learn javascript, and find a way of overriding the browser cookie so that the correct "stick to backend" can be set
Solution 2? Provide a mechanism via Netscaler which does not set a load balancer cookie, then call deleteNetCookie.html and redirect on to pickup.html via this route and redirect again to the proper Netscaler ES URL
Or maybe I have been stuck at this brick wall for too long.
Unfortunately to set a domain cookie, the domain needs to be the same as the calling URL (so I cannot get round it by using IP address)
Does any of this make sense?
Derek
Load Balanced Pickup
Rich -
If I direct the BB login to our load balanced machine, I get a response back from my BB system cpip error:
CPIP Notification: The system 'bb' is responding too slowly, please try again after a short wait
Of course, if I go to an individual app server in my bb.properties, it works without a problem. We have bb7.2 installed btw.
Our system is set up to remember which server the user established a session with initially and keeps that affinity for 1 hour.
Is it possible to post your modified pickup.html, and were the pickup.html files placed on all your app servers?
Thanks for any assistance
F5 BigIP settings ???
Gerry and/or Rich:
Are you both using the F5 product for your load balancer? We're still running BB7.1, can you tell me how you have the balancers configured? Specifically, can you tell me how you have the cookie parameters configured? There are passive and active cookie options etc.
--
Andy
F5 setup
Hi,
our F5's BB NLB switches all write their own cookie which contains the backend address.
We needed to make sure that the user's browser had this cookie and was sent to the correct BB backend when doing SSO (i.e. the same one as Luminis has done the authentication to) - otherwise SSO works 1 in 2 times (also a good way to tell if a problem is NLB related - if it works sometimes - remember to close the browser in between tests to kill session cookies). This is done by the pickup scripts which insert the F5 BB cookie - just like the other cookies.
rich
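
The cookie relay rich describes, together with the domain restriction Derek ran into, as an added example that is not part of any post in this thread: given the Set-Cookie headers captured by the server-side sign-on, it works out which cookies a pickup page served from a given host can actually set, and whether the load balancer persistence cookie is among them. The cookie names (`APPSESSION`, `LBPERSIST`, `AUDIT`), the hosts and the function names are assumptions made up for the illustration.

```javascript
// Added illustration, not code from the thread. All names and values are constructed.
const IPV4 = /^\d{1,3}(\.\d{1,3}){3}$/;

// Parse one Set-Cookie header into its name, value and lower-cased attributes.
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const attrs = {};
  for (const a of rest) {
    const i = a.indexOf("=");
    const key = (i < 0 ? a : a.slice(0, i)).toLowerCase();
    attrs[key] = i < 0 ? true : a.slice(i + 1);
  }
  return { name: pair.slice(0, eq), value: pair.slice(eq + 1), attrs };
}

// RFC 6265 domain-match: identical, or host ends with "." + domain and is not an IP.
function domainMatches(host, cookieDomain) {
  const h = host.toLowerCase();
  const d = cookieDomain.toLowerCase().replace(/^\./, "");
  return h === d || (!IPV4.test(h) && h.endsWith("." + d));
}

// Decide which captured cookies a pickup page served from pickupHost can set.
function planPickup(headers, pickupHost, lbCookieName) {
  const plan = { settable: [], blocked: [], hasAffinity: false };
  for (const c of headers.map(parseSetCookie)) {
    if (c.attrs.httponly) {
      plan.blocked.push({ name: c.name, reason: "HttpOnly: script cannot create it" });
    } else if (c.attrs.domain && !domainMatches(pickupHost, c.attrs.domain)) {
      plan.blocked.push({ name: c.name, reason: "Domain does not match pickup host" });
    } else {
      const domain = c.attrs.domain ? `; domain=${c.attrs.domain}` : "";
      plan.settable.push(`${c.name}=${c.value}; path=${c.attrs.path || "/"}${domain}`);
      if (c.name === lbCookieName) plan.hasAffinity = true;
    }
  }
  return plan;
}

// Constructed headers, as captured by the server-side sign-on from one backend.
const captured = [
  "APPSESSION=constructed-session; Path=/",
  "LBPERSIST=constructed-backend-a; Path=/; Domain=.example.edu",
  "AUDIT=constructed; Path=/; HttpOnly",
];
const byName = planPickup(captured, "bb.example.edu", "LBPERSIST");
const byIp = planPickup(captured, "192.0.2.10", "LBPERSIST");
console.log(byName.hasAffinity, byIp.hasAffinity, byIp.blocked);
```

When `hasAffinity` comes back false, the browser reaches the balancer without the persistence cookie and can be routed to a backend that does not hold the session, which is the "works 1 in 2 times" symptom with two backends.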