I'm implementing CAS 5 as High Availability on Java 8 and Tomcat 8 with haproxy as load balancer and redis as ticket registry. For ticket registry followed details given here. Coming to deployment CAS deployed on two tomcats say T1 and T2.
haproxy conf:
cookie JSESSIONID prefix nocacheserver tomcat1 127.0.0.1:1111 cookie t1 check inter 1000server tomcat2 127.0.0.1:2222 cookie t2 check inter 1000During login giving error
DEBUG [org.apereo.cas.web.support.CookieRetrievingCookieGenerator:141] - <Invalid cookie. Required user-agent Mozilla/5.0AppleWebKit/537.36 Chrome/85.0.4183.121 Safari/537.36 does not matchMozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML,like Gecko) Chrome/85.0.4183.121 Safari/537.36>java.lang.IllegalStateException: Invalid cookie. Required user-agentMozilla/5.0 AppleWebKit/537.36 Chrome/85.0.4183.121 Safari/537.36does not match Mozilla/5.0 (Windows NT 10.0; Win64; x64)AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121Safari/537.36at org.apereo.cas.web.support.DefaultCasCookieValueManager.obtainValueFromCompoundCookie(DefaultCasCookieValueManager.java:69)~[cas-server-core-cookie-api-5.3.2.jar:5.3.2]at org.apereo.cas.web.support.EncryptedCookieValueManager.obtainCookieValue(EncryptedCookieValueManager.java:42)~[cas-server-core-cookie-api-5.3.2.jar:5.3.2]at org.apereo.cas.web.support.CookieRetrievingCookieGenerator.retrieveCookieValue(CookieRetrievingCookieGenerator.java:139)
But I'm able to login and ticket created, connected to T1 (authentication done on T1 and ticket validation done on T2). After login if I shutdown T1 and logout it gets connecting to T2 (T1 down) and giving error as below
DEBUG [org.apereo.cas.web.support.CookieRetrievingCookieGenerator:141] - java.lang.NullPointerException: nullat org.apereo.cas.web.support.EncryptedCookieValueManager.obtainCookieValue(EncryptedCookieValueManager.java:35)~[cas-server-core-cookie-api-5.3.2.jar:5.3.2]at org.apereo.cas.web.support.CookieRetrievingCookieGenerator.retrieveCookieValue(CookieRetrievingCookieGenerator.java:139)
If I didn't shutdown the logged in instance then there is no issue, able to logout and ticket was destroyed.
I also applied tomcat cluster on T1 and T2 but issue is same.
EncryptedCookieValueManager:
public String obtainCookieValue(final String cookie, final HttpServletRequest request) { final String cookieValue = cipherExecutor.decode(cookie, new Object[]{}).toString(); ............Am I missing anything here? Any one please help in this.