  1. OpenAM Agents
  2. AMAGENTS-2237

Improve section 4.2. Configuring Web Agents Behind Load Balancers

    Details

      Description

      It would be nice to add the following two configuration sections and one limitation to 4.2. Configuring Web Agents Behind Load Balancers, which could help customers with configuration.

      1.) POST Data Sticky Load Balancing
      The agent provides a few modes to handle POST data with stickiness. It can create a cookie, or append a query string to the URL, to assist with sticky load balancing. For more information, see the POST data preservation section.

      2.) Client identification behind balancer
      Some configurations require the real client IP/hostname (e.g. Not Enforced IP properties); for this purpose you can use the com.sun.identity.agents.config.client.ip.header or com.sun.identity.agents.config.client.hostname.header properties.
      Example: if a not-enforced IP is set, you need to pass the real IP address to the agent. Configure your load balancer to set this header (e.g. the X-Forwarded-For header with HAProxy) and in the agent profile set:
      Client IP Address Header=X-Forwarded-For

      For more info, see the client identification section.

      Limitation of using multiple agent profiles

      Agent 5+ is limited in using multiple agent profiles without sticky sessions. The agent profile name is part of the OIDC JWT token, and for this reason, if a JWT is used for a different agent profile than the one it was created for, the agent will complain about an incorrect session (AMAGENTS-2114).
      Note: this limitation did not apply to agent 4, because agent 4 does not use the OAuth2 flow.
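
An added example, not part of the issue and not the agent's own code: when a not-enforced IP decision depends on X-Forwarded-For, the value is only trustworthy if it was written by the load balancer, so this sketch accepts the header only from known balancer addresses and walks it right to left. The function names, `TRUSTED_PROXIES`, `NOT_ENFORCED` and all addresses are constructed for illustration, and the logic is not a description of how the agent parses the header.

```python
import ipaddress

# Constructed sample values: the load balancer's address range and a
# not-enforced IP list as it might appear in an agent profile.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/24")]
NOT_ENFORCED = [ipaddress.ip_network("192.0.2.10/32")]


def _in_any(addr, networks):
    return any(addr in net for net in networks)


def resolve_client_ip(peer_addr, xff_header, trusted=TRUSTED_PROXIES):
    """Return the client address a not-enforced-IP check may rely on.

    peer_addr  -- address of the TCP peer (normally the load balancer)
    xff_header -- raw X-Forwarded-For value, or None
    """
    peer = ipaddress.ip_address(peer_addr)
    # A header sent by anything other than a known balancer is ignored.
    if not xff_header or not _in_any(peer, trusted):
        return peer
    # Each proxy appends the address it saw, so walk right to left and
    # stop at the first hop that is not one of our own proxies.
    for hop in reversed([h.strip() for h in xff_header.split(",")]):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            return peer  # malformed entry: fall back to the TCP peer
        if not _in_any(addr, trusted):
            return addr
    return peer


def is_not_enforced(peer_addr, xff_header):
    """True only if the resolved client address is on the not-enforced list."""
    return _in_any(resolve_client_ip(peer_addr, xff_header), NOT_ENFORCED)
```

A balancer that replaces any inbound X-Forwarded-For instead of appending to it makes the right-to-left walk unnecessary, but the peer-address check still matters if the agent host is reachable without going through the balancer.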


            People

            • Assignee:
              cristina.herraz Cristina Herraz
              Reporter:
              richard.hruza Richard Hruza
