We are using serverRequestCacheType as BASIC because RSA integration works only with this.
Still we need to achieve High Availability as well. We have two nodes.
The login fails first time, because request_id is generated in one node and username/password submission goes to other node.
We face issue with session stickiness as below:
When a protected resource is accessed, the request is first redirected to the URL "LoadBalancerHost/oam/server/obrareq.cgi"
At this point itself the session stickiness should start, Unfortunately It is not.
We are not seeing the OAM_JSESSIONID cookie ( from OAM weblogic server "OAM server" application) as well. Because of this, teh login fails first time always.
The stickiness start only from the second HTTP request. i.e. user submitting the login form to "/oam/server/auth_cred_submit"
After this point, OAM_JSESSIONID is established and available.
If I access a protected resource again from the same browser, the login is successful.
The session continues to be with the same OAM server afterwards for the same browser window.
I guess for the first time request is not reaching weblogic server(May be cgi loading from webSever) . If request reaches weblogic server then only JSESSIONID will get create. Make sure that page is not served from cache. or try using custom login page by deploying war in weblogic.
1. we are already using a custom login page only. It is in a .NET system separately.
2. At WL proxy log, we have noticed obrareq.cgi request is being forwarded to either of weblogic/OAM.
Based on my understanding, it is actually not a CGI script as the name suggests now. Theu have done a java implementation already. "obrareq.cgi" just serves as a context name only and you can see teh java handlers configured in the weblogic.xml.
Anyway we will double confirm from OAM logs that this request reaches OAM/weblogic indeed.
Hitachi-ID uses an Active-Active High Availability loadsharing architecture where you can have 2, 3, or 7 geographically distributed servers. Has any other company offered this, and if not, I wonder why?