Problem
User has reported that they are having problems logging into TIBCO JasperReports® Server 7.5 web application from a two node server farm deployment. Both nodes are connected to a single JasperReports® Server 7.5.0 repository database. While from one node user is able to login it is failing from another node using the same credential. If the user changes the password from one node, only that node will allow the user to login. The other node that was working will fail the login after the password change with a "Invalid Credential" error.
Cause
In the pre version 7.5.0 implementation, all JasperReports Server installations will share the same keystore by default to encrypt and decrypt password content stored in the JasperReports Server repository database. JasperReports Server instances running in different server nodes can access password information in a shared repository without problems.
Starting in version 7.5.0, JasperReports Server is implemented with a server specific keystore to encrypt password information in repository resources. If users have two server nodes serving JasperReports Server 7.5.0, the keystore encryption will be different by default among those two nodes. Therefore, in a JasperReports Server 7.5.0 server farm deployment where multiple server nodes share the same repository, those JasperReports Server 7.5.0 instances must use the same keystore in order to correctly encrypt and decrypt resource password content from that shared repository. Otherwise, only the JasperReports Server node that most recently created/updated a password encrypted and stored in the shared repository will be able to decrypt that password content to correctly authentical an access request.
Solution
Users need to make sure the content of the following two files (under Linux root or Windows Users{user} root) are identical in all JasperReports Server 7.5.0 server deployments in a server farm sharing a single repository:
- .jrsksp
- .jrsks
Users can simply copy those files from the JasperReports Server deployment that was used to set up the repository DB during the installation and replace those files in another deployments in identical location.
References
Please refer to this wiki article for the thorough explanation of this JasperReports Server 7.5.0 encryption implementation and use case scenarios dealing with the deployment issues:
Additional information from the following customer wiki postings are also helpful to further detail the implementation:
- https://community.jaspersoft.com/wiki/tibco-jasperreports-server-75-encryption-configuration-files
- https://community.jaspersoft.com/wiki/how-move-tibco-jasperreports-server-750-encryption-keystore-files-shared-linux-folder
- https://community.jaspersoft.com/wiki/migrating-tibco-jasperreports-server-repository-content-between-two-75-version-server
TTC-20200827
Recommended Comments
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now