cancel
Showing results for 
Search instead for 
Did you mean: 

BO LB URL with Route53

0 Kudos

We have an issue going on with using Route 53 on BO servers

We have a clustered environment with 3 BO servers with Tomcat installed on all of them . The Version is 4.2 Sp04 on windows 2016.

We use Windows Ad and Keberos Authentication to login the users and this has been working fine since the past 2 years.

Now we want to use a loadbalancer URL and we have been running into the below issue whenever i try to login into the system using the LB URL

"The page has expired , Enter your credentials and try again FWC 00006. So i checked with SAP guide and it was mentioned to make changes to the Server.xml file on each tomcat server. I followed the same and did the same adding server names to the server.xml file. But the issue still remained

I did try to use the https://lburl/BOE/BI/LogonNoSso.jsp page and the login page appears but doesnt work and it has the same issue as mentioned above.

My question what else should i do to get the URL working.

I was looking into KBA 2629070 and it mentions to run set spn commands.My question is how do i do this, without disturbing the existing AD and Kerberos authentication. I donot want to disturb any working components at this time.

Did anybody do this previously please let me know what else needs to be configured.

Accepted Solutions (0)

Answers (3)

Answers (3)

0 Kudos

denis.konovalov Adding Session persistance helped it and we didn't have an issue after that. Thanks for the suggestion.

I now want to add SSO to this URL , will running setspn commands do it or should i need to check anything else?

0 Kudos

An update on the above issue.

So we removed all the connections and created a new one pointing to only one tomcat server and it worked without any issues. The minute we added a second tomcat it had the below error

The page has expired , Enter your credentials and try again FWC 00006

I cleared the cookies from the chrome developers tool tab to make sure the sessions is not caching but that didnt help.

denis_konovalov
Active Contributor
0 Kudos

was the session persistence enabled ?
What kind ?

0 Kudos

denis.konovalov I just checked with my Admin on the AWS side who set this up and he hasn't setup any session persistance. We have enabled our SSO for 24 hrs , so should i session persistance also be enabled to the same limit?

denis_konovalov
Active Contributor
0 Kudos

session persistence is not related to SSO process. If you want to use Load balancer - it has to have session persistance enabled

0 Kudos

I might have mixed up both of them but for now he didnt enable session persistance and i think he should enable it sometime today. I will run my tests and update here.

denis_konovalov
Active Contributor
0 Kudos

1. Using load balancer does not require making changes in server.xml on tomcats.
Unless you want to also create tomcat cluster. (which is not a requirement or prerequisite for LB usage)
Read tomcat clustering documentation on https://tomcat.apache.org/tomcat-9.0-doc/cluster-howto.html
2. On load balancer ensure that session persistence is set (cookie or source IP based) and that LB is not caching any session data.

Once above is functioning with manual authentication - you can follow KBA's to make SSO works when LB is present.

0 Kudos

Hi Denis,

How do i check this :

"On load balancer ensure that session persistence is set (cookie or source IP based) and that LB is not caching any session data".

denis_konovalov
Active Contributor
0 Kudos

consult your load balancer manual or admin.