Deployment Example 1: Access Manager 7.0 Load Balancing, Distributed Authentication UI, and Session Failover

1.3 System Behaviors

The following sequence describes the interaction between the various components in this Deployment Example. These interactions are also illustrated in the following pages. The numbered steps here correspond to the numbers in the figures on the following pages.

  1. A user attempts to access the J2EE application hosted by Protected Resource 1 and by Protected Resource 2 through Load Balancer 6. Load Balancer 6 redirects the user to Protected Resource 1.

  2. The J2EE Policy Agent intercepts the request and checks for the Access Manager cookie.

  3. If the Access Manager cookie is not found, the J2EE Policy Agent redirects the user to Load Balancer 4, the load balancer for the Distributed Authentication UI servers.

  4. Load Balancer 4 routes the user request to Authentication UI Server 2.

  5. Authentication UI Server 2 displays a login page to the user.

  6. The user enters credentials on the login page.

  7. Authentication UI Server 2 passes the credentials to Load Balancer 3.

  8. Load Balancer 3 routes the Authentication UI 2 request to Access Manager 1 for validation.

  9. Access Manager 1 sends the Authentication UI 2 request to Load Balancer 2. Load Balancer 2 handles Directory Server requests for user data.

  10. Load Balancer 2 routes the Authentication UI 2 request to Directory Server 2 where validation takes place.

  11. After successful authentication, Access Manager 1 sends the Authentication UI 2 request back to the J2EE Policy Agent. The J2EE Policy Agent receives the request and checks for the Access Manager cookie.

  12. When a cookie is found, the J2EE Policy Agent sends a session validation request to the Access Manager Load Balancer 3.

  13. The Access Manager Load Balancer 3 forwards the request to Access Manager 1, where the session originated. Cookie-based persistency and routing enable Access Manager to route the request properly.

  14. Access Manager 1 sends a response back to the J2EE Policy Agent.

  15. If the session is not valid, the J2EE Policy Agent would redirect the user to the Distributed Authentication UI server.

  16. In this example, the J2EE Policy Agent receives the response back as a valid session. When the session is valid, the J2EE Policy Agent sends a policy request to the Access Manager servers' Load Balancer 3.

  17. Access Manager 1 conducts the policy evaluation.

  18. Based on the policy evaluation, the J2EE Policy Agent either allows access to the resource or denies access to the resource. In this example, the user is allowed access to the Application Server.
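
The agent-side decisions in steps 2 through 18 can be modelled as follows. This is an added Python example, not code from Access Manager or the J2EE Policy Agent. The class names, the cookie keys `am_session` and `am_lb`, and the Load Balancer 4 URL are hypothetical, and session failover is not modelled, so a request that cannot be routed to the originating server is sent back to login.

```python
# Added illustration of steps 2-18; not Access Manager code.
# All names (AccessManager, LoadBalancer3, agent_decide, cookie keys) are hypothetical.
import secrets

AUTH_UI_LB = "https://lb4.example.com/login"  # constructed URL for Load Balancer 4


class AccessManager:
    """One Access Manager instance holding the sessions it created."""
    def __init__(self, server_id, policy):
        self.server_id, self.policy, self.sessions = server_id, policy, {}

    def login(self, user):
        token = secrets.token_hex(16)
        self.sessions[token] = user
        # The second cookie records where the session originated (step 13).
        return {"am_session": token, "am_lb": self.server_id}

    def validate(self, token):
        return self.sessions.get(token)  # None means the session is not valid

    def allowed(self, user, resource):
        return resource in self.policy.get(user, set())


class LoadBalancer3:
    """Routes on the am_lb cookie so requests reach the originating server."""
    def __init__(self, servers):
        self.servers = {s.server_id: s for s in servers}

    def route(self, cookies):
        return self.servers.get(cookies.get("am_lb"))


def agent_decide(cookies, resource, lb3):
    """Policy agent logic; returns (action, detail)."""
    if "am_session" not in cookies:              # steps 2-3: no cookie
        return ("redirect", AUTH_UI_LB)
    am = lb3.route(cookies)                      # steps 12-13: sticky routing
    user = am.validate(cookies["am_session"]) if am else None
    if user is None:                             # step 15: invalid session
        return ("redirect", AUTH_UI_LB)
    if am.allowed(user, resource):               # steps 16-18: policy evaluation
        return ("allow", user)
    return ("deny", user)
```

The agent fails closed: a missing cookie, an unknown session token, or a routing cookie that does not match the originating server all end in a redirect to the login page rather than in access.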

Figure 1–2 Request for Access

Incoming request goes to the J2EE Policy Agent, to Load Balancer 4, and then to Distributed Authentication UI server.

In this figure, a user attempts to access a protected application. The J2EE Policy Agent intercepts the access request. The Authentication UI is invoked. The Authentication UI server displays a login page to the user.

Figure 1–3 Authentication


In this figure, the user credentials are passed to Access Manager 1. Access Manager 1 checks the user credentials against Directory Server.

Figure 1–4 Access Granted


Access Manager authenticates the user, and the J2EE Policy Agent determines that the user's session is valid. The J2EE Policy Agent sends a second request to Access Manager for policy evaluation. Based on the results of the policy evaluation, the J2EE Policy Agent allows access to the application server. Access Manager continues to manage the session until the user logs out.