This section enables you to specify a group of Access Manager servers to
connect to in order to authenticate clients. You can select a group of Access
Manager servers to provide fail-over in cases where one or more servers are not
available.
The Enterprise Gateway can connect to a group of Access Manager
Authorization Servers or Dispatcher Servers.
In scenarios where multiple Access Manager Authorization Servers are deployed
for load-balancing purposes, the Enterprise Gateway should first connect to a Dispatcher
Server, which returns a list of active Authorization Servers. An attempt is then
made to connect to one of these Authorization Servers using round-robin
DNS. If the first Dispatcher Server in the Connection Group is not
available, the Enterprise Gateway attempts to connect to the Dispatcher Server
with the next highest priority in the group, and so on.
If a Dispatcher Server has not been deployed, the Enterprise Gateway can connect
directly to an Authorization Server. If the Authorization Server with the
highest priority in the Connection Group is not available, the Enterprise Gateway
attempts to connect to the Authorization Server with the next highest priority,
and so on.
Select the type of the Connection Group by selecting either the
Authorization Server or Dispatcher Server
radio button. All servers in the group must be of the same type.
Select the Connection Group to use for authenticating
clients.
Access Manager Connection Groups can be configured through the
Connection Group dialog. A Connection Group
consists of a number of Access Manager servers. The Enterprise Gateway attempts
to connect to all the servers in the group in a round-robin fashion,
thereby providing a high degree of fail-over. If one or more Access
Manager servers are unavailable for any reason, the Enterprise Gateway can still
connect to an alternative Access Manager server.
The Access Manager servers are listed in order of priority in the
table on the Access Manager Connection Group dialog.
The Enterprise Gateway attempts to connect to the server at the top of the list
first. If this server is not available, a connection attempt is made to
the second server, and so on until an available server is contacted. If
none of the listed servers are available, the client is not authorized
and a SOAP fault is returned to the client.
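The priority-ordered fail-over described above, shown as an added Python example. It is not the Enterprise Gateway's own code: the Server model, host names, port number and the connect hook are assumptions made for illustration. When every server fails it raises an exception, which corresponds to the case where the client is not authorized.

```python
import socket
from dataclasses import dataclass

@dataclass(frozen=True)
class Server:
    """One row of a Connection Group (hypothetical model, not the product's)."""
    location: str      # host name or IP address
    port: int
    timeout: float     # seconds, applied to each connection attempt
    server_type: str   # "authorization" or "dispatcher"

class NoServerAvailable(Exception):
    """Every server in the group failed; the caller must deny the request."""

def connect_by_priority(group, connect=socket.create_connection):
    """Try servers top-down and return (server, connection, failures).

    `group` is ordered by priority, highest first. `failures` lists the
    servers skipped on the way, so a degraded group can be logged.
    """
    if not group:
        raise ValueError("connection group is empty")
    if len({s.server_type for s in group}) != 1:
        raise ValueError("all servers in a group must be of the same type")
    failures = []
    for server in group:
        try:
            conn = connect((server.location, server.port), timeout=server.timeout)
            return server, conn, failures
        except OSError as exc:  # refused, unreachable, DNS failure, timed out
            failures.append((server.location, type(exc).__name__))
    raise NoServerAvailable(failures)

def demo():
    """Constructed sample: the top-priority server is down, the second is up."""
    group = [
        Server("am1.example.test", 7001, 2.0, "authorization"),
        Server("am2.example.test", 7001, 2.0, "authorization"),
    ]
    def fake_connect(address, timeout):  # stands in for a real socket
        if address[0] == "am1.example.test":
            raise ConnectionRefusedError("constructed failure")
        return f"connected to {address[0]}:{address[1]}"
    return connect_by_priority(group, connect=fake_connect)
```

Logging the returned failures list on each successful connection shows when a group is running on a lower-priority server before it runs out of servers entirely.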
You can increase or decrease the priorities of the listed Access Manager
servers using the Up and Down buttons.
You can add, edit, and delete Access Manager servers using the
Add, Edit, and Remove
buttons respectively.
You can configure a single Access Manager connection through the
Connection Configuration dialog. To configure a single
Access Manager Connection, complete the following fields:
- Enter the name or IP address of the machine hosting the selected
  Access Manager server in the Location field.
- Enter the Port on which the specified Access
  Manager server is listening.
- Select a suitable Timeout for connections to this
  server.
- Select the appropriate Connection Type for the
  Enterprise Gateway to use when connecting to the specified Access Manager
  server. Connections between the Enterprise Gateway and the Access Manager
  server can be made in the clear, over anonymous SSL, or over two-way
  SSL (mutual authentication).
  For two-way SSL, you must select the name of a User
  from the User Name drop-down list. This user's
  certificate is then used to authenticate to the Access Manager
  server. The user must have been granted the Use for client
  authentication privilege.