Support Article

Authentication service not working for all nodes

SA-38069

Summary



Users cannot log in to the application on three of four nodes because the Authentication Service is not working. Trying to log in gives an application server error as below:


Error Messages



On screen
There has been an issue; please consult your system administrator.

In PegaRULES log
Caused by:
com.pega.pegarules.pub.generator.RuleNotFoundException: Failed to find a 'RULE-OBJ-ACTIVITY' with the name 'AUTHENTICATIONRULENAME' that applies to 'Code-Security'. There were 1 rules with this name in the rulebase, but none matched this request. The 1 rules named 'AUTHENTICATIONRULENAME' defined in the rulebase are:
1 related to applies-to class 'Code-Security', but were defined in rulesets which are not in your rulesetlist: 'Authruleset:01-01-01'

Steps to Reproduce



Try to log in to Pega through the Single Sign-On (SSO) servlet.

Root Cause



A defect in Pegasystems’ code or rules. The application has a custom access group for unauthenticated users for the application. That access group has permissions for Code-Security. However, access groups are data instances rather than rules and thus changes are not pushed to other nodes by the System Pulse. Instead, they are cached to the JVM. Data instances can thus be different in the cache on different nodes. The nodes that could not be accessed had the wrong data instance cached, which used PRPC:Unauthenticated rather than the custom access group.

Resolution



Perform the following local-change: connect directly to each node (instead of going through the load balancer) and save the custom access group, which will cache the correct version.

Published May 16, 2017 - Updated May 17, 2017

Have a question? Get answers now.

Visit the Collaboration Center to ask questions, engage in discussions, share ideas, and help others.