Deployment Example: Single Sign-On, Load Balancing and Failover Using Sun OpenSSO Enterprise 8.0

Procedure: To Configure the Distributed Authentication User Interface Load Balancer

  1. Access https://is-f5.example.com, the Big IP load balancer login page, from a web browser.

  2. Log in using the following information.

    User name:

    username

    Password:

    password

  3. Click Configure your BIG-IP® using the Configuration Utility.

  4. Create a Pool.

    A pool contains all the backend server instances.

    1. In the left pane, click Pools.

    2. On the Pools tab, click Add.

    3. In the Add Pool dialog, provide the following information:

      Pool Name

      AuthenticationUI-Pool

      Load Balancing Method

      Round Robin

      Resources

      Add the IP address and port number of both Distributed Authentication User Interface host machines: da-1:1443 and da-2:1443.

    4. Click Done.

  5. Add a Virtual Server.

    The virtual server presents an address to the outside world and, when users attempt to connect, forwards the connection to the most appropriate real server.


    Tip –

    If you encounter JavaScript™ errors or otherwise cannot proceed to create a virtual server, try using Internet Explorer.


    1. In the left frame, click Virtual Servers.

    2. On the Virtual Servers tab, click Add.

    3. In the Add Virtual Server wizard, enter the virtual server IP address and port number.

      Address

      Enter the IP address for lb-3.example.com

      Service

      9443

    4. Continue to click Next until you reach the Pool Selection dialog box.

    5. In the Pool Selection dialog box, assign the AuthenticationUI-Pool Pool.

    6. Click Done.

  6. Add Monitors.

    Monitors are required for the load balancer to detect backend server failures.

    1. In the left frame, click Monitors.

    2. Click the Basic Associations tab.

    3. Add a TCP monitor to each Web Server node.

      In the Node list, locate the IP address and port number for da-1:1443 and da-2:1443, and select the Add checkbox.

    4. Click Apply.

  7. Configure the load balancer for persistence.

    1. In the left frame, click Pools.

    2. Click the AuthenticationUI-Pool link.

    3. Click the Persistence tab.

    4. Under Persistence Type, select Passive HTTP Cookie.

    5. Under Cookie Name, enter DistAuthLBCookie.

    6. Click Apply.

  8. In the left frame, click BIGpipe.

  9. In the BIGpipe command window, type makecookie IP-address:port.

    IP-address is the IP address of the da-1 host machine and port is the same machine's port number; in this case, 1443.

  10. Press Enter to execute the command.

    Something similar to Set-Cookie: BIGipServer[poolname]=4131721920.41733.0000; path=/ is displayed. Save the numbered value (in this case, 4131721920.41733.0000) for use in To Configure Load Balancer Cookies for the Distributed Authentication User Interface.

  11. In the left frame, click BIGpipe again.

  12. In the BIGpipe command window, type makecookie IP-address:port.

    IP-address is the IP address of the da-2 host machine and port is the same machine's port number; in this case, 1443.

  13. Press Enter to execute the command.

    Something similar to Set-Cookie: BIGipServer[poolname]=4148499136.41733.0000; path=/ is displayed. Save the numbered value (in this case, 4148499136.41733.0000) for use in To Configure Load Balancer Cookies for the Distributed Authentication User Interface.

  14. Log out of the load balancer console.
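
The values saved in steps 10 and 13 are a reversible encoding of each node's IPv4 address and port (not a secret), so they can be checked against the intended node before they are used in the Distributed Authentication User Interface configuration. The following is an added example, not part of the original procedure; the function names are hypothetical, and it assumes the IPv4 encoding that the sample values in steps 10 and 13 follow (address and port each stored byte-reversed).

```python
import ipaddress
import struct
from typing import Dict, List, Tuple

def encode_bigip_cookie(ip: str, port: int) -> str:
    """Rebuild the value makecookie prints for an IPv4 node ip:port."""
    # Address and port are each stored byte-reversed (little-endian) as decimal.
    ip_le = struct.unpack("<I", ipaddress.IPv4Address(ip).packed)[0]
    port_le = struct.unpack("<H", struct.pack(">H", port))[0]
    return f"{ip_le}.{port_le}.0000"

def decode_bigip_cookie(value: str) -> Tuple[str, int]:
    """Recover (ip, port) from a value such as 4131721920.41733.0000."""
    parts = value.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not in <ip>.<port>.0000 form: {value!r}")
    ip_le, port_le = int(parts[0]), int(parts[1])
    if ip_le > 0xFFFFFFFF or port_le > 0xFFFF:
        raise ValueError(f"field out of range: {value!r}")
    ip = str(ipaddress.IPv4Address(struct.pack("<I", ip_le)))
    port = struct.unpack(">H", struct.pack("<H", port_le))[0]
    return ip, port

def check_saved_values(saved: Dict[str, str], expected_port: int) -> List[str]:
    """Return problems found in the values saved per host (empty list = OK)."""
    problems: List[str] = []
    seen: Dict[str, str] = {}
    for host, value in saved.items():
        try:
            ip, port = decode_bigip_cookie(value)
        except ValueError as exc:
            problems.append(f"{host}: {exc}")
            continue
        if port != expected_port:
            problems.append(f"{host}: port {port}, expected {expected_port}")
        if ip in seen:
            problems.append(f"{host}: same node as {seen[ip]} ({ip})")
        seen.setdefault(ip, host)
    return problems

if __name__ == "__main__":
    # Sample values as displayed in steps 10 and 13 of this procedure.
    saved = {"da-1": "4131721920.41733.0000", "da-2": "4148499136.41733.0000"}
    for host, value in saved.items():
        print(host, decode_bigip_cookie(value))
    print(check_saved_values(saved, expected_port=1443) or "values are consistent")
```

Compare each decoded address with the actual IP address of da-1 and da-2; a value that decodes to the wrong node or port would pin users to the wrong backend.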