User Tools

Site Tools


maintenance:general:http_proxies

Http Proxy servers

NetYCE uses session cookies for each login that allow for single-sign-on for the duration of the session (which is limited by default to 12 hours). These session cookies are created in such a way that they allow access to NetYCE systems in different environments (like production and test), even when the user was logged in to the production environment only.

For this reason these session cookies are calculated from various components. Among these is the client ip-address which is present to distinguish between sessions for the same user-id originating from different locations (multi sign-on).

In situations where the users access the NetYCE systems using multiple proxy servers this mechanism breaks down because the proxy server ip-address is used. Depending on the proxy server chosen a cookie is validated or rejected and single-sign-on over the various systems becomes unpredictable.

To overcome this problem, the ip-addresses of these proxy servers can be added to the NetYCE configuration which are then properly handled to create the required session cookies.

The ip-addresses of the used proxy servers must be added to the NetYCE system configuration file <sysname>_yce.conf that is located in the directory /opt/yce/etc.

Edit this file (as 'yce' user) and locate the @proxies list. Should the list not be included, execute yce_setup.pl -r which will add the entry. If it does not, the feature is not supported in you running version (requires 7.2.0 or higher).

# optional proxy servers for users (login ip override)
our @proxies = ();

Change the entry to include all ip-addresses of the proxy servers in the @proxies list as below.

# optional proxy servers for users (login ip override)
our @proxies = ('172.17.10.1', '172.17.10.2', '172.17.10.3');

After saving the file, restart the mojo process (as 'yce' user)

go restart mojo

This procedure must be repeated for all NetYCE servers in the various environments. The proxy address entered may be different from system to system depending on setup. There is no limit on the number of proxy addresses.

LDAP: couldn't connect to LDAP server
maintenance/general/http_proxies.txt · Last modified: 2022/05/25 08:42 by yspeerte