11.3 Configuring and Verifying Session Failover

Use the following list of procedures as a checklist for configuring and verifying session failover.

1. To Configure Access Manager for Session Failover

2. To Verify That the Administrator Session Fails Over

3. To Verify that the User Session Fails Over

To Configure Access Manager for Session Failover

1. Access http://LoadBalancer-3.example.com:7070/amserver/UI/Login from a web browser.

2. Log in to the Access Manager console as the administrator.

   Username

   amadmin

   Password

   4m4dmin1

3. Click the Configuration tab.

4. Under Global properties, click Session.

5. Under Secondary Configuration Instance, click New.

6. In the Add Sub Configuration page, provide the following information.

   Name

   Enter the load balancer URL https://loadbalancer-3.example.com:9443

   ---

   Tip –

   The case of the load balancer URL should match that of the Primary Site ID.

   ---

   Session Store User

   Enter msgquser

   Session Store Password

   Enter m5gqu5er

   Session Store Password (confirm)

   Enter m5gqu5er

   Maximum Wait Time

   Keep the default value of 5000.

   Database URL

   Enter MessageQueue-1.example.com:7777,MessageQueue-2.example.com:7777.

   This is the Message Queue broker address list. Enter multiple values using a comma and no space.

7. Click Add.

8. Click Save.

9. Log out of the Access Manager console.

10. Restart the Web Server 1 instance.

    1. Log in to the Access Manager 1 host machine.

    2. Restart the Web Server 1 instance.

       # cd /opt/SUNWwbsvr/https-AccessManager-1.example.com/bin # ./stopserv; ./startserv

    3. Log out of the Access Manager 1 host machine.

11. Restart the Web Server 2 instance.

    1. Log in to the Access Manager 2 host machine.

    2. Restart the Web Server 2 instance.

       # cd /opt/SUNWwbsvr/https-AccessManager-2.example.com/bin # ./stopserv; ./startserv

    3. Log out of the Access Manager 2 host machine.

To Verify That the Administrator Session Fails Over

Before You Begin

Both Access Manager 1 and Access Manager 2 should be up and running before you begin this verification procedure.

1. As a root user, log in to the AccessManager–2 host machine.

2. Change to the bin directory.

   # cd /opt/SUNWwbsvr/https-AccessManager-2.example.com/bin

3. Stop Access Manager 2.

   # ./stopserv

4. Access http://LoadBalancer-3.example.com:7070/amserver/UI/Login from a web browser.

   1. Log in to the Access Manager console as the administrator.

      Username

      amadmin

      Password

      4m4dmin1

   2. Click the Sessions tab.

   3. In the View field, select Access Manager-1.example.com:1080 from the drop down list.

      Verify that only amadmin exists in the Sessions table.

   4. In the View field, select Access Manager-2.example.com:1080 from the drop down list.

      You will see an error message indicating the server is down.

   5. Leave this browser window 1 open.

5. Start Access Manager 2.

   # ./startserv

6. As a root user, log in to the AccessManager–1 host machine.

7. Change to the bin directory.

   # cd /opt/SUNWwbsvr/https-AccessManager-1.example.com/bin

8. Stop Access Manager 1.

   # ./stopserv

9. Going back to the Access Manager console in browser window 1, under the Sessions tab, select Access Manager-1.example.com:1080 from the View drop down list.

   You will see an error message indicating the server is down.

10. Now select Access Manager-2.example.com:1080 from the View drop down list.

    Verify that only amadmin exists in the Sessions table. This indicates that although AccessManager–1 was stopped, the Access Manager LoadBalancer-3 directed the request to AccessManager–2 and a session for amadmin was successfully created in AccessManager–2. If session failover was not enabled, it would have resulted in a login page.

To Verify that the User Session Fails Over

Before You Begin

This procedure assumes that you have just completed To Verify That the Administrator Session Fails Over.

1. Access http://LoadBalancer-3.example.com:7070/amserver/UI/Login?realm=users from a second browser window.

2. Log in to the Access Manager console as testuser1.

   Username

   testuser1

   Password

   password

   The Edit User page for testuser1 is displayed. Because Access Manager 1 was stopped, the user session is created in Access Manager 2.

3. Leave browser window 2 open.

4. Using browser window 1, click the Sessions tab.

5. In the View field, select Access Manager-2.example.com:1080 from the drop down list.

   Verify that amadmin and testuser1 exist in the Sessions table.

6. On the AccessManager–1 host machine, change to the bin directory.

   # cd /opt/SUNWwbsvr/https-AccessManager-1.example.com/bin

7. Start AccessManager–1.

   # ./startserv

   Both Access Manager–1 and Access Manager–2 are up and running.

8. On the AccessManager–2 host machine, change to the bin directory.

   # cd /opt/SUNWwbsvr/https-AccessManager-2.example.com/bin

9. Stop Access Manager–2.

   # ./stopserv

10. Using browser window 1, click the Sessions tab.

    1. In the View field, select Access Manager-1.example.com:1080.

       Verify that amadmin and testuser1 exist in the Sessions table. This indicates that the session successfully failed over to AccessManager–1.

       ---

       Tip –

       If testuser1 is not displayed, refresh the browser window 2 page.

       ---

    2. In the View field, select Access Manager-2.example.com:1080

       You will see an error message indicating the server is down.

11. Log out of the consoles and the host machines.