Hi, we've an IBM ODM installation with 4 nodes running on liberty 24. The 4 nodes serve HTTP REST requests with massive throughput. They're balanced by an Apache server with ROUND ROBIN.
The 4 nodes are continuously displaying the following message:
com.ibm.ws.security.token.internal.TokenManagerImpl I CWWKS4001E: The security token cannot be validated. This can be for the following reasons
1. The security token was generated on another server using different keys.
2. The token configuration or the security keys of the token service which created the token has been changed.
3. The token service which created the token is no longer available.
Apparently, the actual reason is because the client application (or the Apache load balancer) are sending the LPTA token stored in a cookie from a previous call, then Apache is redirecting to the next ODM backend node following ROUND-ROBIN and the message is displayed because, in fact the token was generated on another back-end server.
This message is written after each and every call in production and causing unnecessary and annoying log file rotation.
We have tried setting a traceSpecification like this: "*=error:com.ibm.ws.security.token.internal.*=off" but it does not work, wen cannot avoid the massive messages.
Can you explain how this cookie mechanism works?
Is there some configuration in the client or in the server to avoid this situation?
Thanks and regards.
------------------------------
Eduardo Izquierdo Lázaro
Automation Architect
DECIDE
Madrid
609893677
------------------------------