RSSO Intermittent Authentication Errors (ARERR 623) reported by users

Version 2
    Share:|

    This document contains official content from the BMC Software Knowledge Base. It is automatically updated when the knowledge article is modified.


    PRODUCT:

    Remedy Single Sign On


    COMPONENT:

    Remedy Single Sign On


    APPLIES TO:

    BMC Remedy SSO 9.x



    PROBLEM:

    The customer has reported multiple Intermittent Authentication Errors (ARERR 623) reported by their end users.  The customer has a network configuration consisting of:
     
    RSSO version 9.1.01.
    AR Server group and Mid Tier servers at version 9.1.00
     
    The load balancers had the following configuration:
     
    1.)  load balancer -> two Mid Tier servers -> load balancer -> multiple AR Servers
    2.)  load balancer -> two Mid Tier servers -> load balancer -> multiple AR Servers
     


    CAUSE:

    Microsoft Internet Explorer bug


    SOLUTION:

    The RSSO token for the client's requests is routed to two Mid Tier servers which is not expected according to the sticky session setting on the load balancer.
     
    If the Mid Tier server is not in sticky session mode, ARERR 623 might occur because the RSSO token might be deleted when the user's session on one Mid Tier server is destroyed but the user's session is still alive on the other Mid Tier server.
     
    In that case if there is an RSSO request routed to the Mid Tier server where the user's session is still alive, the AR server may receive a request with an invalid RSSO token so it may return ARERR 623.
     
    It was found that Microsoft Internet Explorer (IE) version 11 sends a special request to /browserconfig.xml without the cookie set by the Load Balancer.  Therefore the Load Balancer  assigns the client to the Mid Tier server again.

    If the newly assigned Mid Tier server is different than the previously assigned Mid Tier server, it would result in a user's sessions on two Mid Tier servers.
     
    Microsoft has documented a workaround to use a special meta tag in the home page of a website to tell IE to not send the special request to /browserconfig.xml.

    Please see the following Microsoft URL:  

    https://msdn.microsoft.com/en-us/library/dn320426(v=vs.85).aspx

     


    Article Number:

    000131073


    Article Type:

    Solutions to a Product Problem



      Looking for additional information?    Search BMC Support  or  Browse Knowledge Articles