test

Deployment Example: Single Sign-On, Load Balancing and Failover Using Sun OpenSSO Enterprise 8.0

ProcedureTo Configure Load Balancer Cookies for the Distributed Authentication User Interface

Access to the Distributed Authentication User Interface is through Load Balancer 3. In order to maintain server affinity, the Distributed Authentication User Interface needs to specify sticky cookies. Towards this end, AMDistAuthConfig.properties is modified on both Distributed Authentication User Interface host machines.

  1. As a root user, log in to the da–1 host machine.

  2. Switch to the non-root user.


    # su da80adm

  3. Change to the non-root user directory.


    # cd /export/da80adm

  4. Modify AMDistAuthConfig.properties as follows.

    • Uncomment the last two lines at the end of the file.

    • Set the following property values:


      • com.iplanet.am.lbcookie.name=DistAuthLBCookie


      • com.iplanet.am.lbcookie.value=4131721920.41733.0000
    Note –

    Use the same cookie name for the value of the com.iplanet.am.lbcookie.name property that was specified for load balancer persistence in To Configure the Distributed Authentication User Interface Load Balancer. Failure to do so might cause the OpenSSO Enterprise login page to go into a loop since stickiness could not be maintained based on the cookie name.

  5. Save the file and close it.

  6. Restart the Web Server instance.


    # cd /opt/SUNWwbsvr/https-da-1.example.com/bin
# ./stopserv; ./startserv

  7. Log out of the da–1 host machine.

  8. As a root user, log in to the da–2 host machine.

  9. Switch to the non-root user.


    # su da80adm

  10. Change to the non-root user directory.


    # cd /export/da80adm

  11. Modify AMDistAuthConfig.properties as follows.

    • Uncomment the last two lines at the end of the file.

    • Set the following property values:


      • com.iplanet.am.lbcookie.name=DistAuthLBCookie


      • com.iplanet.am.lbcookie.value=4148499136.41733.0000
    Note –

    Use the same cookie name for the value of the com.iplanet.am.lbcookie.name property that was specified for load balancer persistence in To Configure the Distributed Authentication User Interface Load Balancer. Failure to do so might cause the OpenSSO Enterprise login page to go into a loop since stickiness could not be maintained based on the cookie name.

  12. Save the file and close it.

  13. Restart the Web Server instance.


    # cd /opt/SUNWwbsvr/https-da-2.example.com/bin
# ./stopserv; ./startserv

  14. Log out of the da–2 host machine.