Configure CA SSO High Availability

If you have created the CA SSO Policy Server cluster, you can configure an application server cluster to use it for load balancing and failover. You can do this configuration either on the Identity Manager side or on the CA SSO side.
Configure Load Balancing and Failover on the Identity Manager Side
 
Follow these steps:
 
  1. Open the ra.xml file for editing. The file is available at the following locations:
     WebSphere: WAS_PROFILE/config/cells/CELL_NAME/applications/iam_im.ear/deployments/IdentityMinder/policyserver_rar/META-INF
     JBoss: jboss_home/server/all/deploy/iam_im.ear/policyserver_rar/META-INF
     WebLogic: wl_domain/applications/iam_im.ear/policyserver_rar/META-INF
  2. Make the following edits in the ra.xml file:
    1. Modify Policy Server Connection Settings
      The Policy Server connection information must reflect the primary server for the production environment. This information consists of the ConnectionURL, the user name and password for the CA SSO Admin account, and the name and shared secret for the Agent.
      In the following example, the editable values are highlighted in blue.
      <config-property>
      <config-property-name>ConnectionURL</config-property-name>
      <config-property-type>java.lang.String</config-property-type>
      <config-property-value>DEVELOPMENT.SEVERCOMPANY.COM,VALUE,VALUE,VALUE</config-property-value>
      </config-property>
      <config-property>
      <config-property-name>UserName</config-property-name>
      <config-property-type>java.lang.String</config-property-type>
      <config-property-value>CA-SSO-ADMIN-NAME</config-property-value>
      </config-property>
      <config-property>
      <config-property-name>AdminSecret</config-property-name>
      <config-property-type>java.lang.String</config-property-type>
      <config-property-value>ENCRYPTED-PASSWORD</config-property-value>
      </config-property>
      <config-property>
      <config-property-name>AgentName</config-property-name>
      <config-property-type>java.lang.String</config-property-type>
      <config-property-value>DEVELOPMENT-AGENT-NAME</config-property-value>
      </config-property>
      <config-property>
      <config-property-name>AgentSecret</config-property-name>
      <config-property-type>java.lang.String</config-property-type>
      <config-property-value>ENCRYPTED-AGENT-SECRET</config-property-value>
      </config-property>
       
      Note: For the values that require encrypted text, use the Password Tool.
    2. Add More Policy Servers
      To add more Policy Servers to the installation instance, edit the FailoverServers entry in the ra.xml file.
      Note: Include the primary Policy Server and all failover servers in the FailoverServers entry.
      For each Policy Server, enter an IP address and port numbers for authentication, authorization, and accounting services. Use a semicolon to separate entries as shown here:
      <config-property>
      <config-property-name>FailoverServers</config-property-name>
      <config-property-type>java.lang.String</config-property-type>
      <config-property-value>
      172.123.123.123,44441,44442,44443;172.123.123.124,33331,33332,33333
      </config-property-value>
      </config-property>
    3. Select Load Balancing or Failover
      The default behavior is to use round-robin load balancing using the servers that are identified by the ConnectionURL and FailoverServers. Load balancing occurs if you set FailOver to false.
      To select failover, set FailOver to true:
      <config-property>
      <config-property-name>FailOver</config-property-name>
      <config-property-type>java.lang.String</config-property-type>
      <config-property-value>true</config-property-value>
      </config-property>
  3. Repeat these steps for each Identity Manager server in the cluster.
  4. Restart the application server for changes to take effect.
 
Note: When you are creating or modifying a directory or an environment setting, set CA SSO Failover and FailoverServers to false. Otherwise, the directory object would be created but not replicated in time to be used. For example, you create a directory in Server 1. Then, you create an attribute using the object ID of that directory on Server 2, but the second directory does not exist yet. You receive an Object not Found error.
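
The following Python check is an added example, not part of the CA documentation: it reads the ConnectionURL, FailoverServers and FailOver properties described above from ra.xml text and reports malformed server entries or a primary server that is missing from FailoverServers. It assumes the first ConnectionURL field is the primary server's address and compares it literally; the sample XML is constructed.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample (not a real deployment): the page's property names and example addresses.
SAMPLE = """<resourceadapter>
<config-property><config-property-name>ConnectionURL</config-property-name><config-property-value>172.123.123.123,44441,44442,44443</config-property-value></config-property>
<config-property><config-property-name>FailoverServers</config-property-name>
<config-property-value> 172.123.123.123,44441,44442,44443;172.123.123.124,33331,33332,33333 </config-property-value></config-property>
<config-property><config-property-name>FailOver</config-property-name><config-property-value>true</config-property-value></config-property>
</resourceadapter>"""

def local(tag):
    return tag.rsplit("}", 1)[-1]  # drop an XML namespace prefix if the file declares one

def read_properties(xml_text):
    """Map each config-property-name to its stripped config-property-value."""
    props = {}
    for el in ET.fromstring(xml_text).iter():
        if local(el.tag) == "config-property":
            kids = {local(c.tag): (c.text or "").strip() for c in el}
            props[kids.get("config-property-name")] = kids.get("config-property-value", "")
    return props

def parse_server(entry):
    """Parse 'IP,port,port,port' (three service ports) or raise ValueError."""
    host, *ports = [f.strip() for f in entry.split(",")]
    ipaddress.ip_address(host)  # the page asks for an IP address in FailoverServers
    if len(ports) != 3 or not all(p.isdigit() and 0 < int(p) < 65536 for p in ports):
        raise ValueError("expected three port numbers in 1-65535")
    return host, tuple(int(p) for p in ports)

def check(xml_text):
    """Return (mode, servers, problems) for the high-availability properties."""
    props, servers, problems = read_properties(xml_text), [], []
    raw = props.get("FailoverServers", "")
    for entry in filter(None, (e.strip() for e in raw.split(";"))):
        try:
            servers.append(parse_server(entry))
        except ValueError as exc:
            problems.append(f"FailoverServers entry {entry!r}: {exc}")
    # Assumption: the first ConnectionURL field is the primary's address, compared literally.
    primary = props.get("ConnectionURL", "").split(",")[0].strip()
    if raw and primary not in {host for host, _ in servers}:
        problems.append(f"primary {primary!r} is missing from FailoverServers")
    flag = props.get("FailOver", "false").lower()
    if flag not in ("true", "false"):
        problems.append(f"FailOver must be true or false, got {flag!r}")
    return ("failover" if flag == "true" else "round-robin load balancing"), servers, problems
```

Run check() on the ra.xml of every Identity Manager server in the cluster before the restart, so that a node with a divergent server list is caught before it handles traffic.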
Configure Load Balancing and Failover on the CA SSO Side
To configure Load Balancing and Failover on CA SSO, refer to Configure Load Balancing and Failover on CA SSO.