Forum Discussion

Lohit's avatar
Lohit
Icon for Nimbostratus rankNimbostratus
May 16, 2025

Thanks for the response.

 

We have 2 applications deployed in Cluster. (F5 is fronending it) 

1. Maximo (https://abc.com/maximo) --- Session management enabled with Cookie (JSESSIONID)

2. WebsphereISP (AcS Assertion with Entra).  The assertion URL within websphere security is configured as https://abc.com/samlsps/acs.  --- Session management enabled with Cookie (JSESSIONIDSAML)

 

SAML flow is mentioned as per the below link.

https://www.ibm.com/docs/en/was/9.0.5?topic=sign-saml-single-scenarios-features-limitations

https://www.ibm.com/docs/en/was/9.0.5?topic=swss-enabling-saml-sp-initiated-web-single-sign-sso

 

The problem what i feel is when we hit LB URL  (1) it routes to a particular JVM and then again to initiate Assertion authentication with Entra we are using (2). During this flow i believe , JSESSIONID is lost between Entra and Application. 

 

DO you think your solution should still work in this case?

 

 

 

  • Injeyan_Kostas's avatar
    Injeyan_Kostas
    Icon for MVP rankMVP
    May 16, 2025

    If JSESSIONID is not included probably not.
    If you leave only one Http server available, the same to both pools, does it work?

    • Lohit's avatar
      Lohit
      Icon for Nimbostratus rankNimbostratus
      May 16, 2025

      I can enforce JSESSIONID same as both.. But with that as well the problems persisted earlier. If 1 HTTP Server is up and running, The redirect is still happening but response is better compared to previous case.

       

      • Injeyan_Kostas's avatar
        Injeyan_Kostas
        Icon for MVP rankMVP
        May 16, 2025

        If you have same issue even with only one http server, then your problem is not persistence