[midPoint] Clustered setup and http sessions
Jason Everling
jeverling at bshp.edu
Wed Mar 1 01:10:06 CET 2017
As Petr mentioned, We have a few clustered tomcat applications and we use
both, a hardware load balancer and tomcat's session replication. The load
balancers job is to just direct traffic to the available nodes. We do not
cluster midpoint but it should still work the same, we use CAS sso for
midpoint which does it's own session management. Setting up session
replication in tomcat is not too difficult, the below should get you
started,
http://tomcat.apache.org/tomcat-8.0-doc/cluster-howto.html
JASON
On Tue, Feb 28, 2017 at 3:50 PM, Petr Gašparík - AMI Praha a.s. <
petr.gasparik at ami.cz> wrote:
> Or, of course, you can use VIP in front of both midpoints and use sticky
> session. This way, one user will always communicate with one server.
>
> It is not real failover, if one server is down, then its users have to
> relogin. But it works for loadbalancing well.
>
> --
>
> s pozdravem
>
> Petr Gašparík
> solution architect
>
> gsm: [+420] 603 523 860 <+420%20603%20523%20860>
> e-mail: petr.gasparik at ami.cz
>
>
> AMI Praha a.s.
> Pláničkova 11
> 162 00 Praha 6
> tel.: [+420] 274 783 239 <+420%20274%20783%20239>
> web: www.ami.cz
>
>
> [image: AMI Praha a.s.]
>
> [image: AMI Praha a.s.]
> <http://www.ami.cz/reseni-a-sluzby/bezpecnost-dat/audit-roli-a-opravneni-sap>
>
> Textem tohoto e-mailu podepisující neslibuje uzavřít ani neuzavírá za
> společnost AMI Praha a.s.
> jakoukoliv smlouvu. Každá smlouva, pokud bude uzavřena, musí mít výhradně
> písemnou formu.
>
>
> 2017-02-28 22:48 GMT+01:00 Petr Gašparík - AMI Praha a.s. <
> petr.gasparik at ami.cz>:
>
>> Hi,
>> if you mean through database, then no, this is not shared.
>>
>> Session is held on Tomcat, so you can set up HA on Tomcat level.
>> Or, put real access manager in front of both midpoints (for example, CAS
>> is preintegrated
>> <https://wiki.evolveum.com/pages/viewpage.action?pageId=17760854>) and
>> keep SSO session there. Plus, use other benefits of AM.
>>
>> regards, Petr
>>
>> --
>>
>> s pozdravem
>>
>> Petr Gašparík
>> solution architect
>>
>> gsm: [+420] 603 523 860 <603%20523%20860>
>> e-mail: petr.gasparik at ami.cz
>>
>>
>> AMI Praha a.s.
>> Pláničkova 11
>> 162 00 Praha 6
>> tel.: [+420] 274 783 239 <274%20783%20239>
>> web: www.ami.cz
>>
>>
>> [image: AMI Praha a.s.]
>>
>> [image: AMI Praha a.s.]
>> <http://www.ami.cz/reseni-a-sluzby/bezpecnost-dat/audit-roli-a-opravneni-sap>
>>
>> Textem tohoto e-mailu podepisující neslibuje uzavřít ani neuzavírá za
>> společnost AMI Praha a.s.
>> jakoukoliv smlouvu. Každá smlouva, pokud bude uzavřena, musí mít výhradně
>> písemnou formu.
>>
>>
>> 2017-02-28 15:02 GMT+01:00 Pertti Kellomäki <
>> pertti.kellomaki at datactica.fi>:
>>
>>> Hi all,
>>>
>>> In a clustered setup https://wiki.evolveum.com/x/xwCp are the midPoint
>>> instances aware of each other's sessions? So if the user logs into node A,
>>> and then load balancer connects the user to node B, is node B aware of the
>>> user's session?
>>>
>>> Pertti
>>>
>>>
>>> _______________________________________________
>>> midPoint mailing list
>>> midPoint at lists.evolveum.com
>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>>
>>
>>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20170228/5ecdad04/attachment.htm>
More information about the midPoint
mailing list