Upgrading the VIP Authentication Hub to 3.2.0, then, the Hazelcast module reports a problem about the geolocation:

Jul 29 12:59:22 <name>-ssp-geolocation.<number>.svc ssp-scheduler {"timestamp":"2024-07-29T10:59:22.314003Z","type":"log","level":"error","thread":"https-jsse-nio-8083-exec-2","msg":"geolocationRestConnector: Exception while calling Geolocation Service. Error I/O error on GET request for \\\"https://<name>-ssp-geolocation.example.com:443/geolocation/v1/IPAddress/192.168.1.1\\\": extidpint-ssp-geolocation.ns002i006968.svc: Name does not resolve","api":"/admin/v1/status","clientIp":"198.18.35.163","clientTxnId":" ","httpMethod":"POST","method":"POST","relVersion":"1.0","service":"admin","txnId":"abf340e0-1df2-4acd-8e82-b5b3a8056cbf","userAgent":"Open Policy Agent/0.66.0 (linux, amd64)","userIp":"198.18.35.163","throwable":"org.springframework.web.client.ResourceAccessException: I/O error on GET request for \https://extidpint-ssp-geolocation.ns002i006968.svc:443/geolocation/v1/IPAddress/198.18.35.163\: extidpint-ssp-geolocation.ns002i006968.svc: Name does not resolve\n\t

The error message is found in Hazelcast module itself.

Geolocation service is a core component similar to the OPA or Hazelcast, and it is expected to be running all the times.

While in some cases geolocation data is used for auditing only, in other scenarios geolocation service should be running and return a response and the geolocation response is then used in processing a request. A failure in geolocation service should be recorded as an error so that anyone who is debugging an issue (why a rule depending on location or country failed) has access to the geolocation failure information because it's logged in error level.

The geolocation service supports read only file system.

This is feature flag, and it's going to be removed in 3.2.1.

The geolocation service will be kept running and still present.

Upgrade to VIP Authentication Hub to 3.2.1 to get this feature flag removed, when this version will be available.