Does Pega require / work well with IBM WebSphere M2M Session Management?

GunawanD3661 · October 27, 2023, 4:57am

Hi All,

Does anyone know if Pega require session replication in the cluster of app servers? e.g. Leveraging IBM WebSphere Memory-to-Memory (M2M) session replication?
Or best to leave it to no session replication on the cluster of app servers since Pega already have Passivation capability?
What if our pega instances have Passivation on as well as IBM WAS Memory to Memory session replication activated? What would be the behaviour?

Thanks

Anthony_Gourtay · October 27, 2023, 7:53am

Hello,

We’re on websphere and we don’t use this setting and it works fine but lots of settings depends on technical & business requirements.

Websphere is deprecated from 8.7 so you should consider PEGA capacity as much as you can to be future proof and to avoid having to rework based on technology change.

Regards

Anthony

GunawanD3661 · October 30, 2023, 3:39am

Thanks for the response.

It can be switched off, however, what I am trying to find out, if when both handling user sesion mechanisms (IBM M2M and Pega Passivation) are on, will it work well without issue?

I am facing the following issue, when one login via SAML, in the process of validating SAML response, when JSESSIONID failovers, the user will be presented with Pega Login screen.

Below is the chronological sequence of events:

User go to Node A
Routed to ADFS
Coming back from ADFS, user is routed to Node B
SAML response validated successfully in Node B
Node B detected same requestor ID found in Node A and trigger to destroy the requestor in Node A (look for requestor “HLXCXLCNWZSEF8C7E7Q552E8E77MY0R8NA”)
Node B then unable to detect the Auth Service to use (it’s blank)
Node B presents Pega login screen.

Node B logs:

2023-10-25 09:10:12,665 [    WebContainer : 4] [          ] [                    ] [                    ] (ngineinterface.service.HttpAPI) DEBUG xxxxx.fqdn.com  - Requestor type not found from cookie so fetched requestor type from query map
2023-10-25 09:10:12,665 [    WebContainer : 4] [          ] [                    ] [                    ] (ngineinterface.service.HttpAPI) DEBUG xxxxx.fqdn.com  - retrieving an active requestor using mRequestorId: HLXCXLCNWZSEF8C7E7Q552E8E77MY0R8NA
2023-10-25 09:10:14,134 [    WebContainer : 4] [  STANDARD] [                    ] [                    ] (    mgmt.base.NodeRequestorMgt) INFO  xxxxx.fqdn.com  - [Quiesce] Found requestor [HLXCXLCNWZSEF8C7E7Q552E8E77MY0R8NA] on remote node: b3d6639e-c509-441a-a4c4-b4f0fd9c9d1b
2023-10-25 09:10:14,181 [    WebContainer : 4] [  STANDARD] [                    ] [                    ] (ngineinterface.service.HttpAPI) DEBUG xxxxx.fqdn.com  - getObfuscationKey(): Getting obfuscation key=null, for Requestor IdHD2HCPOTL6N71USHGII2RC6U42RYW00A0A
2023-10-25 09:10:14,181 [    WebContainer : 4] [  STANDARD] [                    ] [                    ] (ngineinterface.service.HttpAPI) DEBUG xxxxx.fqdn.com  - Updated cookie path is /xxx/PRAuth/app/default/
2023-10-25 09:10:14,181 [    WebContainer : 4] [  STANDARD] [                    ] [         PegaRULES:8] (ngineinterface.service.HttpAPI) DEBUG xxxxx.fqdn.com  - [ Locale info for: STANDARD ]
2023-10-25 09:10:14,181 [    WebContainer : 4] [  STANDARD] [                    ] [         PegaRULES:8] (ngineinterface.service.HttpAPI) DEBUG xxxxx.fqdn.com  - LstReq: en_US
2023-10-25 09:10:14,181 [    WebContainer : 4] [  STANDARD] [                    ] [         PegaRULES:8] (ngineinterface.service.HttpAPI) DEBUG xxxxx.fqdn.com  - Specif: null
2023-10-25 09:10:14,181 [    WebContainer : 4] [  STANDARD] [                    ] [         PegaRULES:8] (ngineinterface.service.HttpAPI) DEBUG xxxxx.fqdn.com  - Client: en_US
2023-10-25 09:10:14,181 [    WebContainer : 4] [  STANDARD] [                    ] [         PegaRULES:8] (ngineinterface.service.HttpAPI) DEBUG xxxxx.fqdn.com  - Thread: en_US
2023-10-25 09:10:14,181 [    WebContainer : 4] [  STANDARD] [                    ] [         PegaRULES:8] (ngineinterface.service.HttpAPI) DEBUG xxxxx.fqdn.com  - [ Device info for: STANDARD ]
2023-10-25 09:10:14,181 [    WebContainer : 4] [  STANDARD] [                    ] [         PegaRULES:8] (ngineinterface.service.HttpAPI) DEBUG xxxxx.fqdn.com  - LstReq: null
2023-10-25 09:10:14,181 [    WebContainer : 4] [  STANDARD] [                    ] [         PegaRULES:8] (ngineinterface.service.HttpAPI) DEBUG xxxxx.fqdn.com  - Specif: null
2023-10-25 09:10:14,181 [    WebContainer : 4] [  STANDARD] [                    ] [         PegaRULES:8] (ngineinterface.service.HttpAPI) DEBUG xxxxx.fqdn.com  - Client: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55
2023-10-25 09:10:14,181 [    WebContainer : 4] [  STANDARD] [                    ] [         PegaRULES:8] (ngineinterface.service.HttpAPI) DEBUG xxxxx.fqdn.com  - Thread: 
2023-10-25 09:10:14,181 [    WebContainer : 4] [  STANDARD] [                    ] [         PegaRULES:8] (ngineinterface.service.HttpAPI) DEBUG xxxxx.fqdn.com  - Password is not decoded
2023-10-25 09:10:14,181 [    WebContainer : 4] [  STANDARD] [                    ] [         PegaRULES:8] (ngineinterface.service.HttpAPI) DEBUG xxxxx.fqdn.com  - primary page name - pzPrimaryPageName  null
2023-10-25 09:10:14,181 [    WebContainer : 4] [  STANDARD] [                    ] [         PegaRULES:8] (ngineinterface.service.HttpAPI) DEBUG xxxxx.fqdn.com  - primary page name - pzPrimaryPageName  null
2023-10-25 09:10:14,181 [    WebContainer : 4] [  STANDARD] [                    ] [         PegaRULES:8] (mt.authentication.SchemePRAuth) DEBUG xxxxx.fqdn.com  - tenantid hash = shared
2023-10-25 09:10:14,181 [    WebContainer : 4] [  STANDARD] [                    ] [         PegaRULES:8] (mt.authentication.SchemePRAuth) DEBUG xxxxx.fqdn.com  - authServiceName =  
2023-10-25 09:10:14,181 [    WebContainer : 4] [  STANDARD] [                    ] [         PegaRULES:8] (mt.authentication.SchemePRAuth) DEBUG xxxxx.fqdn.com  - mapKey = <<PRAuth: shared:PRAuth>>
2023-10-25 09:10:14,181 [    WebContainer : 4] [  STANDARD] [                    ] [         PegaRULES:8] (mt.authentication.SchemePRAuth) DEBUG xxxxx.fqdn.com  - Creating new SchemePRAuth instance for 
2023-10-25 09:10:14,181 [    WebContainer : 4] [  STANDARD] [                    ] [         PegaRULES:8] (mt.authentication.SchemePRAuth) DEBUG xxxxx.fqdn.com  - Unable to open AuthService definition initializing SchemePRAuth with defaults 
2023-10-25 09:10:14,181 [    WebContainer : 4] [  STANDARD] [                    ] [         PegaRULES:8] (mt.authentication.SchemePRAuth) DEBUG xxxxx.fqdn.com  - tenantid hash = shared
2023-10-25 09:10:14,181 [    WebContainer : 4] [  STANDARD] [                    ] [         PegaRULES:8] (mt.authentication.SchemePRAuth) DEBUG xxxxx.fqdn.com  - authServiceName =  
2023-10-25 09:10:14,181 [    WebContainer : 4] [  STANDARD] [                    ] [         PegaRULES:8] (mt.authentication.SchemePRAuth) DEBUG xxxxx.fqdn.com  - mapKey = <<PRAuth: shared:PRAuth>>
2023-10-25 09:10:14,181 [    WebContainer : 4] [  STANDARD] [                    ] [         PegaRULES:8] (mt.authentication.SchemePRAuth) DEBUG xxxxx.fqdn.com  - Creating new SchemePRAuth instance for 
2023-10-25 09:10:14,181 [    WebContainer : 4] [  STANDARD] [                    ] [         PegaRULES:8] (mt.authentication.SchemePRAuth) DEBUG xxxxx.fqdn.com  - Unable to open AuthService definition initializing SchemePRAuth with defaults 
2023-10-25 09:10:14,181 [    WebContainer : 4] [  STANDARD] [                    ] [         PegaRULES:8] (ngineinterface.service.HttpAPI) DEBUG xxxxx.fqdn.com  - Stream name identified in input map : null
2023-10-25 09:10:14,181 [    WebContainer : 4] [  STANDARD] [                    ] [         PegaRULES:8] (ngineinterface.service.HttpAPI) INFO  xxxxx.fqdn.com  - Input activity param sent is NULL.
2023-10-25 09:10:14,181 [    WebContainer : 4] [  STANDARD] [                    ] [         PegaRULES:8] (ngineinterface.service.HttpAPI) DEBUG xxxxx.fqdn.com  - --- Settings to be considered before performing authentication---
2023-10-25 09:10:14,181 [    WebContainer : 4] [  STANDARD] [                    ] [         PegaRULES:8] (ngineinterface.service.HttpAPI) DEBUG xxxxx.fqdn.com  - sAuthFlag : null
2023-10-25 09:10:14,181 [    WebContainer : 4] [  STANDARD] [                    ] [         PegaRULES:8] (ngineinterface.service.HttpAPI) DEBUG xxxxx.fqdn.com  - is snapstart case :false
2023-10-25 09:10:14,181 [    WebContainer : 4] [  STANDARD] [                    ] [         PegaRULES:8] (ngineinterface.service.HttpAPI) DEBUG xxxxx.fqdn.com  - Is authentication required : false
2023-10-25 09:10:14,181 [    WebContainer : 4] [  STANDARD] [                    ] [         PegaRULES:8] (mt.authentication.SchemePRAuth) DEBUG xxxxx.fqdn.com  - New context is created while executing pre auth
2023-10-25 09:10:14,181 [    WebContainer : 4] [  STANDARD] [                    ] [         PegaRULES:8] (mt.authentication.SchemePRAuth) DEBUG xxxxx.fqdn.com  - Fetching Platform Authentication instance
2023-10-25 09:10:14,181 [    WebContainer : 4] [  STANDARD] [                    ] [         PegaRULES:8] (mt.authentication.SchemePRAuth) DEBUG xxxxx.fqdn.com  - Show pre login screen for user to select auth service 
2023-10-25 09:10:14,181 [    WebContainer : 4] [  STANDARD] [                    ] [         PegaRULES:8] (mt.authentication.SchemePRAuth) DEBUG xxxxx.fqdn.com  - Poping New context created after execution of pre auth

Node A logs:

2023-10-25 09:10:14,153 [otejob-executor-3053] [  STANDARD] [                    ] [                    ] ( internal.mgmt.PRRequestorImpl) INFO    - [QuiescePassivation] forcePassivateInner: passivated or destroyed requestor [HLXCXLCNWZSEF8C7E7Q552E8E77MY0R8NA]

PegaRULES.zip (4.26 KB)

Anthony_Gourtay · October 30, 2023, 8:35am

@GunawanD3661

Hello,

Tricky since we don’t use same authentication process. We use SSO and for this, since user doesn’t really need to authenticate on its own he enters immediately PEGA application and then it’s up to passivation.

But you’ll retrieve all from PEGA itself, I’m not sure to see how M2M will intervene to help here.

Well, maybe a last check to be done is your default access group for Portal/Browser. If it’s PRPC unauthenticated then by default you won’t be able to directly re-access your application. You need to make one application specific or it won’t work.

If this doesn’t work neither then I’ll have got to admit that I’m clueless for this point and that you’ll need someone else view

Regards

Anthony

GunawanD3661 · November 16, 2023, 7:46am

Pega Support team has confirmed that the app server session replication is not supported by Pega (INC-A18968).

Conversation		Replies	Views
How does it manage sessions in Pega? General pega-platform , agent-desktop	1	323	March 6, 2024
cLSA Security Excellence webinar - Q&A about Authentication General lead-system-architect , security , 8-5	0	710	March 10, 2021
Pega Archiving: Multiple Storage Repositories in one instance of pega General pega-platform , system-administration , installation-and-deployment , data-model , 8-8	2	66	August 14, 2024
problem starting jboss on pega server General solutions-consultant , system-administration , installation-and-deployment , data-model , 7-1-7	2	287	August 31, 2022
Passing custom data to the chatbot (NEW Digital Messaging Web Chat) User Experience user-experience , security , conversational-channels , chat-and-messaging , pega-customer-service , 8-7	4	335	May 13, 2023

Does Pega require / work well with IBM WebSphere M2M Session Management?

Related topics