To distribute the authentication server load using a load balancer such as the Interstage Traffic Director, each additional authentication server must be configured with the same environment as the authentication server that is already set up.
The Interstage Single Sign-on system provides the ssocloneac command to build an authentication server with the same environment.
The ssocloneac command is also used to make copies of the messages to be displayed on a Web browser. Customize these messages before making the copy of the authentication server. Refer to 'Customizing Messages Displayed on a Web Browser' for details of how to customize messages displayed on a Web browser.
The following explains how to transfer the environment of the original authentication server already installed to the additional authentication server using the ssocloneac command. Refer to 'Single Sign-on Operation Commands' in the Reference Manual (Command Edition) for details of the ssocloneac command.
Preparations for Load Distribution
Note the following when adding a load balancer such as the Interstage Traffic Director to an active authentication infrastructure.
• Do not change the URL of the authentication infrastructure by setting the host name of the already-installed authentication server in the load balancer such as the Interstage Traffic Director. Refer to 'Authentication Infrastructure URL' for an explanation of the URL of the authentication infrastructure. Refer to the manual of the Interstage Traffic Director for details of the Interstage Traffic Director.
Preparing Target Machine
Set up the machine you are copying to with the same platform as that of the machine you are copying from. Ensure that the same Interstage version and edition are installed in the same installation directory. The Interstage Single Sign-on, Interstage HTTP Server, and SSL configuration (for SSL communication) on the destination machine must be in the initial state immediately after installation.
Getting Environment Information
1. On the source machine, execute the ssocloneac command with the -p option in order to fetch environment information such as authentication server information, Interstage HTTP Server information, and the SSL configuration for SSL communication (*1). When you are permitted to use the same certificate for the load-balancing machine, and SSL Accelerator is not used, use the scsexppfx command to transfer the site certificate and private-key. Refer to 'SSL Commands' in
Setup of Authentication Server
Setting Up Environment for Destination Machine for Copying
1. For SSL communication using the authentication server, create the Interstage certificate environment by executing the scsmakeenv command with the -e option on the destination machine for copying.
Refer to 'SSL Commands' in the Reference Manual (Command Edition) for details of the scsmakeenv command.
2. When SSL communication is used by the authentication server and you are permitted to use the same certificate for the load-balancing machines, transfer the site certificate and private-key using the scsimppfx command. Refer to the Reference Manual (Command Edition) for details of the scsimppfx command.
When SSL communication is used by the authentication server but using the same certificate for the load-balancing machines is not permitted, newly acquire a site certificate and register it in the site certificate environment as described in Preparations for SSL Communication. In this case, the nickname of the site certificate to be used when requesting the certificate for SSL communication must be the same as that specified in the authentication server already installed. Also, the nickname of the CA certificate to be used when registering the certificate for SSL communication must be the same as that specified in the already set authentication server.
3. On the destination machine for copying, execute the ssocloneac command with the -c option. The environment for the authentication server, Interstage HTTP Server, and the SSL configuration for SSL communication (*1) are duplicated.
4. On the Interstage Management Console, select [Security] and then [Single Sign-on] from the System menu. Click [Authentication infrastructure] and [Authentication server]. On the [Settings] tab, click [Detailed Settings [Show]]. The environment of the original authentication server for copying is set in [Host name and Port number] of [Communication Settings with Repository server (reference system)]. Therefore, change this environment depending on the operating conditions, and click [Update].
For details of the items to be set on the Interstage Management Console, refer to the Operator’s Guide.
5. After the repository server (reference system) is set, start the authentication server.
Refer to 'Starting an Authentication Server' for an explanation of the authentication server start.
6. Delete the environment information file of the authentication server.
*1 The SSL configuration for SSL communication is copied only when the authentication server uses SSL communication.
Notes
• For load distribution of the authentication server, the related multiple authentication servers must have the Interstage Single Sign-on of the same version, edition, and installation directory. The same platform must also be used.
• The load balancer must be set up so that requests from the same client are transferred to the same authentication server.
• Use the following settings when the load balancer is Interstage Traffic Director.
− Operation Mode: bridge
• The environment information file of the authentication server is important for security. After the authentication server is set up, always delete the environment information file.
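The handling of the environment information file around steps 1, 3 and 6 can be scripted as below. This is an added example, not part of the manual or the product: the function names and the file path are hypothetical, and ssocloneac itself is not called.

```shell
#!/bin/sh
# Added example: hygiene checks for the environment information file.
# Usage (path is hypothetical): seal_envfile /secure/ac_env.dat

# Source machine, right after the export with the -p option:
# owner-only access, plus a digest written beside the file.
seal_envfile() {
    f=$1
    [ -f "$f" ] || { echo "missing: $f" >&2; return 1; }
    chmod 600 "$f" || return 1
    sha256sum "$f" | cut -d' ' -f1 > "$f.sha256" || return 1
    chmod 600 "$f.sha256"
}

# Destination machine, before the import with the -c option:
# refuse a file that was altered or truncated in transit, or that
# group/other can access. Carry the digest over a separate channel
# if it is meant to detect deliberate tampering.
check_envfile() {
    f=$1
    [ -f "$f" ] && [ -f "$f.sha256" ] || { echo "missing file or digest" >&2; return 1; }
    want=$(cat "$f.sha256")
    have=$(sha256sum "$f" | cut -d' ' -f1)
    [ "$want" = "$have" ] || { echo "digest mismatch: $f" >&2; return 1; }
    # Characters 5-10 of the mode string are the group and other bits.
    bits=$(ls -ld "$f" | cut -c5-10)
    [ "$bits" = "------" ] || { echo "permissions too open: $f" >&2; return 1; }
}

# Both machines, once the new authentication server has started:
# delete the file and its digest, then confirm that neither remains.
purge_envfile() {
    f=$1
    rm -f -- "$f" "$f.sha256"
    [ ! -e "$f" ] && [ ! -e "$f.sha256" ]
}
```

Run purge_envfile on every machine and transfer location that held a copy, including any intermediate staging directory.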