CA SSO Configuration load balance gateway to SSO policy servers & Error when I enable failover

book

Article ID: 196986

calendar_today

Updated On:

Products

CA API Gateway API SECURITY CA API Gateway Precision API Monitoring Module for API Gateway (Layer 7) CA API Gateway Enterprise Service Manager (Layer 7) STARTER PACK-7 CA Microgateway

Issue/Introduction

CA SSO configuration, it work fine after I done the registration. 
After that manually add the second sever information and check enable failover. When I click Test button, I get this error
Validation failed: Unable to initialize CA Single Sign-On Agent. Either failed to connect to the Policy Server or the Agent's hostname/sercet/fipmode is incorrect.

In the log

2020-08-10T12:32:21.944-0500 SEVERE  41 com.ca.siteminder.SiteMinderLowLevelAgent: The CA Single Sign-On Agent hostname and/or the secret is incorrect.


This is our new API servers (version 10). In my current API server (9.4), I don't see this issue.



Environment

Release : 10.0

Component : API GATEWAY

Resolution

How to configure 1 cluster with 2 policy server in APIM policy manager 

Server 0.0 -  the first 0 is the clusterID, the second 0 is the PS ID 

In a 1 cluster with 2 policy server with failover the values would be as followed:

| server.0.0.accounting.port     | 44441        |

| server.0.0.address             | 192.168.1.1 |

| server.0.0.authentication.port | 44442        |

| server.0.0.authorization.port  | 44443        |

| server.0.0.connection.max      | 3            |

| server.0.0.connection.min      | 1            |

| server.0.0.connection.step     | 1            |

| server.0.0.timeout             | 60           |

| server.0.1.accounting.port     | 44441        |

| server.0.1.address             | 192.168.1.2 |

| server.0.1.authentication.port | 44442        |

| server.0.1.authorization.port  | 44443        |

| server.0.1.connection.max      | 3            |

| server.0.1.connection.min      | 1            |

| server.0.1.connection.step     | 1            |

| server.0.1.timeout             | 60           |