Having a highly available CTS token store is a basic requirement. This is currently not very well supported. The following options are possible:
- Internal token store: a failover configuration is possible since the config store settings allow adding multiple directory servers to the list. However, it is more beneficial to have an external token store from a performance perspective.
- External token store: only a single directory server can be configured. This leaves the option to use a load balancer.
- Load balanced token store: due to OPENAM-3109, this solution leads to replication conflicts and potential anomalies from the user's point of view.
It is obvious that there is no good choice for high availability; each option comes with drawbacks that should be avoidable.
Therefore, the CTS should be enhanced to support a more bulletproof HA architecture.