Deployment Example 1: Access Manager 7.1 Load Balancing, Distributed Authentication UI, and Session Failover

1.3 Sequence of Interactions

The following sequence describes the interactions between the various components in this deployment example. The interactions are illustrated and the numbered steps correspond to the numbers in the diagrams.

  1. A user attempts to access a J2EE application hosted by Protected Resource 1 and Protected Resource 2.

  2. Load Balancer 6 directs the user to Protected Resource 1.

  3. The J2EE Policy Agent intercepts the request and checks for an Access Manager cookie. In this scenario, no cookie is found, so the request is returned to the browser, which then redirects it to Load Balancer 4, the load balancer for the Distributed Authentication User Interface.

  4. Load Balancer 4 routes the user request to Distributed Authentication User Interface 2.

  5. Distributed Authentication User Interface 2 displays a login page to the user.

  6. The user enters credentials on the login page and they are returned to Distributed Authentication User Interface 2.

    Figure: Incoming request goes to J2EE Policy Agent to Load Balancer 4 and then to DAUI for user credential request and response.

  7. Distributed Authentication User Interface 2 passes the credentials to Load Balancer 3.

  8. Load Balancer 3 routes the credentials to Access Manager 1 for validation.

  9. Access Manager 1 sends a request for validation to Load Balancer 2, which specifically handles Directory Server requests for user data.

  10. Load Balancer 2 routes the request to Directory Server 2, where validation takes place.

    Figure: Credentials are passed via load balancer to Access Manager and then Directory Server where validation takes place.

  11. After successful authentication, Access Manager 1 sends the response back to the J2EE Policy Agent. The J2EE Policy Agent receives the request and checks for the Access Manager cookie.

  12. When a cookie is found, the J2EE Policy Agent sends a session validation request to the Access Manager Load Balancer 3.

  13. The Access Manager load balancer forwards the request to Access Manager 1, where the session originated. Cookie-based persistency enables proper routing.

  14. Access Manager 1 sends a response back to the J2EE Policy Agent.

  15. If the session is not valid, the J2EE Policy Agent would redirect the user to the Distributed Authentication User Interface.

  16. If the session is valid, the J2EE Policy Agent receives the response back and sends a policy request to the Access Manager Load Balancer 3.

  17. The policy request is directed to Access Manager 1, which conducts the policy evaluation.

  18. Based on the policy evaluation, the J2EE Policy Agent either allows access to the resource or denies access to the resource. In this scenario, the user is allowed access to the Application Server.

    Figure: Response is returned, session is validated, policy request is sent and access is allowed.
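
The agent-side decisions in steps 3 and 12 through 18 can be traced with a small model. This is an added example, not Access Manager or Policy Agent code; the cookie names, login URL, class names and sample data are all hypothetical placeholders.

```python
# Added illustration: toy model of steps 3 and 12-18. All names are hypothetical.
from dataclasses import dataclass, field

SESSION_COOKIE = "AM_SESSION"  # placeholder name for the Access Manager cookie
LB_COOKIE = "AM_LB"            # placeholder name for the persistence cookie
LOGIN_URL = "https://lb4.example.com/login"  # constructed URL for Load Balancer 4

@dataclass
class AccessManager:
    name: str
    sessions: dict = field(default_factory=dict)  # session token -> user
    policy: dict = field(default_factory=dict)    # (user, resource) -> allowed?

    def validate_session(self, token):
        return self.sessions.get(token)           # None means "not valid"

    def evaluate_policy(self, user, resource):
        return self.policy.get((user, resource), False)  # default deny

class LoadBalancer3:
    """Routes on the persistence cookie so a request reaches the origin server."""
    def __init__(self, servers):
        self.servers = {s.name: s for s in servers}

    def route(self, cookies):
        return self.servers.get(cookies.get(LB_COOKIE))

def agent_decide(cookies, resource, lb):
    token = cookies.get(SESSION_COOKIE)
    if token is None:                                  # step 3: no cookie found
        return ("redirect", LOGIN_URL)
    server = lb.route(cookies)                         # steps 12-13
    user = server.validate_session(token) if server else None  # step 14
    if user is None:                                   # step 15: session not valid
        return ("redirect", LOGIN_URL)
    allowed = server.evaluate_policy(user, resource)   # steps 16-17
    return ("allow", user) if allowed else ("deny", user)      # step 18

def demo():
    # Constructed sample data: one session that originated on am1.
    am1 = AccessManager("am1", {"tok-1": "alice"}, {("alice", "/app"): True})
    lb = LoadBalancer3([am1, AccessManager("am2")])
    good = {SESSION_COOKIE: "tok-1", LB_COOKIE: "am1"}
    misrouted = {SESSION_COOKIE: "tok-1", LB_COOKIE: "am2"}
    return [agent_decide({}, "/app", lb), agent_decide(good, "/app", lb),
            agent_decide(misrouted, "/app", lb), agent_decide(good, "/admin", lb)]

if __name__ == "__main__":
    print(demo())
```

The misrouted case shows why step 13 depends on cookie-based persistency: a server that did not originate the session cannot validate it, so the user is sent back to log in. Session failover is not modelled here.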