<div dir="ltr"><div><div><div><div><div>Hi,<br><br></div>I posted this question before but never got any response. When student login using a portable device (like iPad) and using the cellular network to the lonbalancer, the student is be authenticated and is then transferred to one of the access server. However, the session immediately got kick back to the lonbalancer, and because the system uses SSO, it immediately transfers the session back to the access server. It forms an endless loop and the student never get to the roles page.<br>
<br></div>Checking the logs this is what I can determine. <br><br></div>In the activities log, there are lots of sequential entries like<br><br>1379531706:fsua0:Switch Server to fsua2 with role <ip address> almost always coming from <a href="http://mobile-xxx-mycingular.net">mobile-xxx-mycingular.net</a><br>
<br></div>Checking the lonbalancer log (under /var/log/httpd) there are entries like<br><br>ssl_access_log:ip address - - [18/Sep/2013:15:23:31 -0400] "GET /adm/roles?ticket=ST-1954238-wIoLGFGIQacDNCdcsrXy-casprd2 HTTP/1.1" 200 11318<br>
<br>ssl_error_log:[Wed Sep 18 15:10:33 2013] [error] access to /home/httpd/html/adm/switchserver failed for <ip address>, reason: Cookie not valid<br><br></div>In the access server log, there is no entries with the ip address but there are entries with the username like <br>
<br><div>access_log:<different ip address from lonbalancer> - - [18/Sep/2013:15:10:32 -0400] "GET /adm/login HTTP/1.1" 200 2795 "<a href="http://loncapa2.fsu.edu/adm/login?domain=fsu&username=xxxxx&token=24824_128_186_7_151_9">http://loncapa2.fsu.edu/adm/login?domain=fsu&username=xxxxx&token=24824_128_186_7_151_9</a>" "Mozilla/5.0 (iPhone; CPU iPhone OS 6_1_3 like Mac OS X) AppleWebKit/536.26 (KHTML, like Gecko) Version/6.0 Mobile/10B329 Safari/8536.25"<br>
<br></div><div>Some how when the session is transferred from the lonbalancer to the access server, a different ip address is reported to the access server. This is the only clue I can find as to why the student cannot get to the roles page. Maybe it is a red herring. So question is has anyone seen this behavior before? Also, why is the ip address different? <br>
<br></div><div>Any pointers?<br><br></div><div>Thanks,<br></div><div>-hk<br><br></div></div>