Optimal Single Sign-On configuration

Article ID: 255916


Products

CA API Gateway

Issue/Introduction

We would like to know if you have any Single Sign-On configuration recommendation for a high transaction volume cluster. Our current configuration is the default one with 4 different servers:

server.1.0.accounting.port 44441
server.1.0.address <SSO Policy Server address 1>
server.1.0.authentication.port 44442
server.1.0.authorization.port 44443
server.1.0.connection.max 3
server.1.0.connection.min 1
server.1.0.connection.step 1
server.1.0.timeout 60
server.1.1.accounting.port 44441
server.1.1.address <SSO Policy Server address 2>
server.1.1.authentication.port 44442
server.1.1.authorization.port 44443
server.1.1.connection.max 3
server.1.1.connection.min 1
server.1.1.connection.step 1
server.1.1.timeout 60
server.1.2.accounting.port 44441
server.1.2.address <SSO Policy Server address 3>
server.1.2.authentication.port 44442
server.1.2.authorization.port 44443
server.1.2.connection.max 3
server.1.2.connection.min 1
server.1.2.connection.step 1
server.1.2.timeout 60
server.1.3.accounting.port 44441
server.1.3.address here3.DomainName.com
server.1.3.authentication.port 44442
server.1.3.authorization.port 44443
server.1.3.connection.max 3
server.1.3.connection.min 1
server.1.3.connection.step 1
server.1.3.timeout 60

Environment

Release : 10.1

Resolution

The default connection settings for custom agents are as you have them configured: the agent starts with one connection to each port and adds 1 connection whenever a request is received and no current connection is available, up to the MAX of 3.

You need to review the current connection usage to each policy server. If the connection count to each policy server is at the MAX of 3, you can increase connection.max to a higher value.

Also, the APIM custom agents use the 5.x SSO connection model, while your configuration still uses the older 4.x model, with a different port for each SSO service; at that time these were four separate processes.


Enable Failover: Disabled
Maximum Sockets Per Port: 3
Minimum Sockets Per Port: 1
New Socket Step: 1
Request Timeout: 60


Recommendation:


Change the ports for all SSO services to the same one, 44443:

server.1.0.accounting.port 44443
server.1.0.authentication.port 44443
server.1.0.authorization.port 44443
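
To apply the recommendation across every server entry rather than only server.1.0, the check below finds entries that still use the 4.x split-port layout and rewrites their three service ports to one port. It is an added example, not code from the article or the product; it assumes the properties are available as "key value" text lines as shown above, and the sample addresses are constructed placeholders.

```python
import re
from collections import defaultdict

# Constructed sample in the article's "key value" layout; addresses are placeholders.
SAMPLE = """\
server.1.0.accounting.port 44441
server.1.0.address policy-server-1.example
server.1.0.authentication.port 44442
server.1.0.authorization.port 44443
server.1.0.connection.max 3
server.1.1.accounting.port 44443
server.1.1.address policy-server-2.example
server.1.1.authentication.port 44443
server.1.1.authorization.port 44443
server.1.1.connection.max 3
"""

LINE = re.compile(r"^(server\.\d+\.\d+)\.(\S+)\s+(.*)$")
PORT_KEYS = ("accounting.port", "authentication.port", "authorization.port")

def parse(text):
    """Group 'server.<n>.<m>.<setting> <value>' lines by their server.<n>.<m> prefix."""
    servers = defaultdict(dict)
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            servers[m.group(1)][m.group(2)] = m.group(3).strip()
    return dict(servers)

def split_port_servers(servers):
    """Return entries whose three service ports are not all the same (4.x layout)."""
    return sorted(name for name, s in servers.items()
                  if len({s.get(k) for k in PORT_KEYS}) > 1)

def consolidate(text, port="44443"):
    """Rewrite every service port line to the single port; other lines are untouched."""
    out = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m and m.group(2) in PORT_KEYS:
            raw = f"{m.group(1)}.{m.group(2)} {port}"
        out.append(raw)
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    print("split-port servers:", split_port_servers(parse(SAMPLE)))
    print(consolidate(SAMPLE), end="")
```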