Recently, there was a discussion in OpenAM mailing list regarding Policy Agent notification which I think is worth mentioning.
Imagine there is a cluster of application servers (for similar application, say App A) deployed behind a hardware load-balancer.
The answer is no. Why?
See the diagram below. If agent notification is enabled and each policy agent has its own unique notification URL, then OpenAM server is able to push notification to each of them.
Now, if the 2 policy agents are "hiding behind a load-balancer" (since we only want to create 1 x Agent configuration in OpenAM administration console), the notification URL has to be set to the load-balancer FQDN.
In this case, whenever OpenAM wants to push notification, one and only one of the 2 policy agents will get notified.
This is not ideal.
.
No comments:
Post a Comment