SSO not working across instances


I’m trying to get the SSO to work across instances but I just can’t make it work.

I have 3 machines, 1 is running DAS and the other two are running Payara Server instances with shared configuration.

In this configuration I have the Availability service enabled
In Web Container Availability I have Single Sign-On State enabled and Persistence Type set to Hazelcast
In HTTP Service SSO is Enabled
In Virtual Server SSO is Enabled

Then I have 2 Applications
Both have <distributable/> tag in web.xml
Both have cookieDomain and cookiePath set in glassfish-web.xml

Now the problem:
When I deploy Application1 and Application2 both on the same instance, the SSO works.
I have login page in Application1 and after logging in there, I can access secured pages in Application2.

BUT, when I deploy Application1 on Instance1 and Application2 on Instance2, then I login to Application1 and then I access Application2 on Instance2, I get this error message in log:

[2023-08-15T15:02:46.177+0200] [Payara 6.2023.6] [SEVERE] [AS-WEB-CORE-00037] [jakarta.enterprise.web.core] [tid: _ThreadID=105 _ThreadName=http-thread-pool::http-listener-1(1)] [timeMillis: 1692104566177] [levelValue: 1000] [[
  An exception or error occurred in the container during the request processing
java.lang.NullPointerException: Cannot invoke "org.apache.catalina.core.StandardContext.getManager()" because "context" is null
	at org.glassfish.web.ha.authenticator.HASingleSignOnEntry.<init>(
	at org.glassfish.web.ha.authenticator.HASingleSignOn.lookup(
	at org.apache.catalina.core.StandardPipeline.doInvoke(
	at org.apache.catalina.core.StandardPipeline.invoke(
	at org.apache.catalina.connector.CoyoteAdapter.doService(
	at org.apache.catalina.connector.CoyoteAdapter.service(
	at org.glassfish.grizzly.http.server.HttpHandler.runService(
	at org.glassfish.grizzly.http.server.HttpHandler.doHandle(
	at org.glassfish.grizzly.http.server.HttpServerFilter.handleRead(
	at org.glassfish.grizzly.filterchain.ExecutorResolver$9.execute(
	at org.glassfish.grizzly.filterchain.DefaultFilterChain.executeFilter(
	at org.glassfish.grizzly.filterchain.DefaultFilterChain.executeChainPart(
	at org.glassfish.grizzly.filterchain.DefaultFilterChain.execute(
	at org.glassfish.grizzly.filterchain.DefaultFilterChain.process(
	at org.glassfish.grizzly.ProcessorExecutor.execute(
	at org.glassfish.grizzly.nio.transport.TCPNIOTransport.fireIOEvent(
	at org.glassfish.grizzly.strategies.AbstractIOStrategy.fireIOEvent(
	at org.glassfish.grizzly.strategies.WorkerThreadIOStrategy.run0(
	at org.glassfish.grizzly.strategies.WorkerThreadIOStrategy$
	at org.glassfish.grizzly.threadpool.AbstractThreadPool$Worker.doWork(
	at org.glassfish.grizzly.threadpool.AbstractThreadPool$
	at java.base/

Does anyone know what I’m missing or what am I doing wrong? If so, please try to direct me in the right way.

Thank you all in advance,
have a good day.

I think this solution wont work in principle. According to the manual - the sso-enabled flag meaning:
If true, single sign-on is enabled by default for all web applications on all virtual servers on this server instance that are configured for the same realm

NOT across different instances