Welcome! Log In Create A New Profile

Advanced

Reverse Proxy - API call errors with Sign in failed because the number of sessions has reached the licensed limit

September 28, 2021 04:25PM
We have Laserfiche (document management system) installed on a Windows server with IIS.
We have another system that makes calls to our Docusign subscription and triggers a pull of the signed documents into the Laserfiche repository when new docs are available with an authenticated API call. Additionally users can log into this site and access the user interactive document management system through authentication within the application.

Currently this has traffic going to the web ports directly to IIS without any issue.

We are looking to add in Nginx with ModSecurity for added protection of this service. The Nginx is setup with HTTPS and the backend IIS server also uses HTTPS.

Working on just the reverse proxy portion at this point and we have the user interactive site working fine where users can log in and do all normal functions within the platform.

The issue we have is when we trigger a download of the Docusign documents. We can get 2 of the documents to load before we start getting the message "Sign in failed because the number of sessions has reached the licensed limit, or the user account has reached its session limit, or no named user license has been allocated to the user account. [9030]" from the LaserFiche.HandlerService.

At this point it appears that the way we have Nginx setup, it is making each document/call from Docusign as a separate connection to the backend IIS/Laserfiche server, which we believe is why we are seeing the account have too many sessions. Going straight to the IIS server, this works without error.

Looking for any pointers of what we are doing wrong or things we can try correct our config and have this working.


sitename.conf

server {
# SSL configuration
#
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2;
ssl_certificate /etc/nginx/ssl/wildcard_domain_net.crt;
ssl_certificate_key /etc/nginx/ssl/wildcard_domain_net.key;

gzip off;

server_name lf.domain.net;

# Tell client which ciphers are available
ssl_prefer_server_ciphers on;
ssl_ecdh_curve secp521r1:secp384r1;
ssl_ciphers TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;

# Set HSTS to 365 days
add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload' always;

location / {
proxy_pass https://backend_server_ip/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-User $http_authorization;
proxy_set_header Authorization $http_authorization;
proxy_pass_header Authorization;
}
location /mobile/ {
# set mobile to forbidden to protect it
return 403 ;
#root /var/www/html ;
}
}
Subject Author Posted

Reverse Proxy - API call errors with Sign in failed because the number of sessions has reached the licensed limit

grrusaps September 28, 2021 04:25PM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 83
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready