Online command used to enable Multi-Data Center mode.
Description
This command enables Multi-Data Center mode. It takes a value equal to the full path to, and name of, the MDC.properties file.
Note:
Setting the SSO Token version to 5 is not supported from the administration console. To do this, modify the Access Manager Settings page and run the enableMultiDataCentreMode WLST command to set.
Syntax
enableMultiDataCentreMode(propfile="../MDC_properties/oamMDCProperty.properties")
| Argument | Definition |
|---|---|
|
|
Mandatory. Takes a value equal to the full path to, and name of, the |
Table 18-2 oamMDC.properties Properties
| Property | Definition |
|---|---|
|
SessionMustBeAnchoredToDataCenterServicingUser |
Takes a value of True (Invalidate) or False (No Invalidation). |
|
SessionDataRetrievalOnDemand |
Takes a value of True (Cross DC retrieval) or False (No). Data retrieval can be turned off without disabling MDC. If False, session data is not transferred but SSO is still performed as the user moves across DCs. NOTE: SessionDataRetrievalOnDemand must be set to False when deploying in Co-existence mode. |
|
Reauthenticate |
Takes a value of True (force reauthentication) or False (No forced reauthentication). |
|
SessionDataRetrievalOnDemandMax_retry_attempts |
Takes a value equal to a binary that represents the number of times to retry data retrieval when it fails. Default is 2. |
|
SessionDataRetrievalOnDemandMax_conn_wait_time |
Takes a value equal to a binary that represents the total amount of time in seconds to wait for a connection. Default is 1000. |
|
SessionContinuationOnSyncFailure |
Decides the session adoption action on fail over. When set to 'true', the session will continue on the DC servicing the current request even though the parent DC is down/not reachable. The session will be created in the DC servicing the current request from the mandatory minimal information available in the incoming token. When set to 'false', the user will be challenged on fail-over scenarios. |
|
MDCGitoCookieDomain |
Specifies the domain with which the OAM_GITO cookie should be set. In MDC deployments where a common cookie domain hierarchy cannot be derived, this setting should be commented or removed as described in Inactivity time outs scenario. |
Table 18-3 Properties for MDC.properties File
| Property Name | Description |
|---|---|
|
SSOCookieDomain |
Takes a value equal to the single sign-on cookie domain. |
|
SSOCookieDomainEnabled |
When set to true, the single sign-on cookie domain is enabled. |
|
Reauthenticate |
When set to true, the user is always authenticated when the first request arrives at a given data center. In our example, if the user is already authenticated by NYDC and is now redirected to LDC, the user will be authenticated again. |
|
SessionDataRetrievalOnDemand |
When set to true, the session is retrieved from the previous data center. When set to false, the MDC will behave in “active-failover" mode - which means session synchronization will not happen. |
|
SessionMustBeAnchoredToDataCenterServicingUser |
This is only relevant when “SessionDataRetrievalOnDemand" is set to true. When set to true the session is removed from the previous data center so the user will have only one active session across the data centers. |
|
SessionDataRetrievalOnDemandMax_retry_attempts |
This specifies the number of attempts to be made to retrieve the session from the other data center. |
|
SessionDataRetrievalOnDemandMax_conn_wait_time |
This specifies in milliseconds the time out value for session retrieval. |
|
SessionContinuationOnSyncFailure |
When set to true, this specifies if the user session should continue when the session fetch among data centers fails due to the remote DC being unreachable. |
Sample oamMDCProperty.properties File
SessionMustBeAnchoredToDataCenterServicingUser=false SessionDataRetrievalOnDemand=true Reauthenticate=true SessionDataRetrievalOnDemandMax_retry_attempts=3 SessionDataRetrievalOnDemandMax_conn_wait_time=80 SessionContinuationOnSyncFailure=true #MDCGitoCookieDomain=.example.com <This setting should be provided only if there is a common cookie subdomain across the WGs and DCs>
Example
The following command enables this data center.
enableMultiDataCentreMode(propfile="../MDC_properties/oamMDCProperty.properties")