Deployment Scenarios for Session Quota Constraints (Sun OpenSSO Enterprise 8.0 Installation and Configuration Guide)

Sun OpenSSO Enterprise 8.0 Installation and Configuration Guide

Deployment Scenarios for Session Quota Constraints

The following OpenSSO Enterprise deployments support session quota constraints:

OpenSSO Enterprise single server deployment

In this scenario, OpenSSO Enterprise is deployed on a single host server. OpenSSO Enterprise maintains the active session counts in memory for all logged in users. When a user attempts to log in to the server, OpenSSO Enterprise checks whether the number of the valid sessions for the user exceeds the session quota and then takes action based on the configured session quota constraints options.
OpenSSO Enterprise session failover deployment

In this scenario, multiple instances of OpenSSO Enterprise are deployed on different host servers in a session failover configuration. The OpenSSO Enterprise instances are configured for session failover using Sun Java System Message Queue (Message Queue) as the communications broker and the Oracle Berkeley DB as the session store database. For more information about OpenSSO Enterprise session failover, see Chapter 8, Implementing OpenSSO Enterprise Session Failover.

In a session failover deployment, when a user attempts to log in, the OpenSSO Enterprise server receiving the session creation request first retrieves the session quota for the user from the OpenSSO Enterprise identity repository. Then, the OpenSSO Enterprise server fetches the session count for the user directly from the centralized session repository (accumulating all the sessions from all the OpenSSO Enterprise servers within the same site) and checks whether the session quota has been exhausted. If the session quota has been exhausted for the user, the OpenSSO Enterprise server takes action based on the configured session quota constraints options.

If session constraints are enabled in a session failover deployment and the session repository is not available, users (except superuser) are not allowed to log in.

In a session failover deployment, if an OpenSSO Enterprise instance is down, all the valid sessions previously hosted by that instance are still considered to be valid and are counted when the server determines the actual active session count for a given user. An OpenSSO Enterprise multiple server deployment that is not configured for session failover does not support session quota constraints.