Authentication service not working for all nodes
SummaryUsers cannot log in to the application on three of four nodes because the Authentication Service is not working. Trying to log in gives an application server error as below:
Error MessagesOn screenThere has been an issue; please consult your system administrator.In PegaRULES log
Caused by: com.pega.pegarules.pub.generator.RuleNotFoundException: Failed to find a 'RULE-OBJ-ACTIVITY' with the name 'AUTHENTICATIONRULENAME' that applies to 'Code-Security'. There were 1 rules with this name in the rulebase, but none matched this request. The 1 rules named 'AUTHENTICATIONRULENAME' defined in the rulebase are:
1 related to applies-to class 'Code-Security', but were defined in rulesets which are not in your rulesetlist: 'Authruleset:01-01-01'
Steps to ReproduceTry to log in to Pega through the Single Sign-On (SSO) servlet.
Root CauseA defect in Pegasystems’ code or rules. The application has a custom access group for unauthenticated users for the application. That access group has permissions for Code-Security. However, access groups are data instances rather than rules and thus changes are not pushed to other nodes by the System Pulse. Instead, they are cached to the JVM. Data instances can thus be different in the cache on different nodes. The nodes that could not be accessed had the wrong data instance cached, which used PRPC:Unauthenticated rather than the custom access group.
ResolutionPerform the following local-change: connect directly to each node (instead of going through the load balancer) and save the custom access group, which will cache the correct version.
Published May 16, 2017 - Updated May 17, 2017