How do I configure the Web policy agent 3.x for multi-site SSO?
This article explains how to configure the Web policy agent when you have multiple sites with the same cookie domain and do SSO between them. This configuration might be used for failover, for example, between data centers.
Archived
This article has been archived and is no longer maintained by ForgeRock.
Configuring the Web policy agent for multi-site SSO
If you do SSO between multiple sites, you need to specify both site URLs in the policy agent bootstrap file to prevent a redirect loop. You can do this as follows:
1. Stop the policy agent server on one site.
2. Make a backup of the OpenSSOAgentBootstrap.properties file (located in the /config directory where the Web policy agent is installed).
3. Edit the OpenSSOAgentBootstrap.properties file by specifying both site URLs in the com.sun.identity.agents.config.naming.url property, separated by a space, where the primary site URL is listed first, for example:
   com.sun.identity.agents.config.naming.url=http://host1.example.primary:8080/openam/namingservice http://host2.example.secondary:8080/openam/namingservice
4. Restart the policy agent server.
5. Repeat steps 1 to 4 for the other site.
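A check you can run against the edited file before restarting the agent, to confirm the property lists both sites with the primary first. This is an added example, not ForgeRock code; the function names, the sample file contents and the requirement that each URL ends in /namingservice (taken from the example URLs in the procedure) are assumptions.

```python
from urllib.parse import urlsplit

PROP = "com.sun.identity.agents.config.naming.url"

def naming_urls(text):
    """Return the URLs listed in the naming URL property (last definition wins)."""
    urls = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":        # blank line or comment
            continue
        key, sep, value = line.partition("=")
        if sep and key.strip() == PROP:
            urls = value.split()               # entries are space-separated
    return urls

def check_multisite(text, primary_host):
    """Return a list of problems; an empty list means the entry matches the procedure."""
    urls = naming_urls(text)
    problems = []
    if len(urls) < 2:
        problems.append(f"expected both site URLs, found {len(urls)}")
    for u in urls:
        parts = urlsplit(u)
        if parts.scheme not in ("http", "https") or not parts.hostname:
            problems.append(f"not a valid URL: {u}")
        elif not parts.path.endswith("/namingservice"):
            problems.append(f"not a naming service URL: {u}")
    if urls and urlsplit(urls[0]).hostname != primary_host:
        problems.append(f"primary site is not listed first: {urls[0]}")
    if len(set(urls)) != len(urls):
        problems.append("same URL listed more than once")
    return problems

# Constructed sample file contents using the host names from the article.
GOOD = """# agent bootstrap (constructed sample)
com.sun.identity.agents.config.naming.url = http://host1.example.primary:8080/openam/namingservice http://host2.example.secondary:8080/openam/namingservice
"""
SINGLE = "com.sun.identity.agents.config.naming.url=http://host1.example.primary:8080/openam/namingservice\n"
SWAPPED = ("com.sun.identity.agents.config.naming.url="
           "http://host2.example.secondary:8080/openam/namingservice "
           "http://host1.example.primary:8080/openam/namingservice\n")

if __name__ == "__main__":
    for name, text in (("good", GOOD), ("single", SINGLE), ("swapped", SWAPPED)):
        print(name, check_multisite(text, "host1.example.primary") or "OK")
```

To check a real agent, pass the contents of its OpenSSOAgentBootstrap.properties file and the host name of that site's primary OpenAM server.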
See Also
OpenAM Web Policy Agent Reference › Bootstrap Configuration Properties
Related Issue Tracker IDs
AMAGENTS-663 (Does J2EE agent support Naming URL and Failover Properties ?)