How to program Siteminder clustered failover using the Java SMSDK.

book

Article ID: 51797

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On

Issue/Introduction

Description:

Provided is an example program that shows how using the Java SMSDK to load and create a Siteminder clustered policy server failover configuration.

It is based on the Sample Java Agent program: JavaTestClient.java, loads its configuration from a properties file, and has a configurable request loop to allow for some simple testing.

Solution:

Introduction

This document describes the clustered example program, and should be accompanied by a file that contains the program source code:
smjavaagent-withfailover.tar.gz file.

Included here is:

  1. A Sample Overview
  2. An Overview of the Program
  3. A Description of the Properties files settings

Sample Overview

The attachment contains the program:

JavaTestClientWithFailover.java

With the following files:

   build-JavaTestClient.sh   run-JavaTestClient.sh   smjavaagent-cluster.properties

You will need to edit the above files to:

  1. Fill in the location to the library jar files.
  2. Set cluster properties to suit your local configuration.
  3. Edit the .sh scripts or convert to .bat files as required.

Then to compile:
    build-JavaTestClient.sh

And to run:
    run-JavaTestClient.sh

Program Overview

Class JavaTestClientWithFailover

This class is based on the sample JavaTestClient.java test agent provided in the SMSDK, but change slightly to demonstrate clustered failover. The methods below are those that are new for this class, and are related to constructing the clustered definition.

Method: ServerDef readFirstServerDef(String prefix);
This method reads the first server definition from the properties file.

Method: ServerDef readNextServerDef(String prefix);
This method reads subsequent server definitions from the property file.

Method: InitDef buildAgentWithClusterFailover();
This method builds the clustered policy store InitDefinition

Method: void runMain();
This method initializes the agent connection, and then to assist with testing failover, repeats a single transaction multiple time with a delay between each iteration.

Method: void waitForDelayTime();
Waits for a period of time, as specified in the properties file.

Method: void runTransaction();
Run a single isProtected, login, and authorize sequence, based on entries in the properties file.

Description of the Property File Settings

A sample properties file is included in the code distribution. The parameters are based on those in the normal java agent sample code, with the following additions:

Cluster Setup

Additions to the standard setup are clusterseq, and the defaulting of the parameters in the code and to the values from the first server if they were different.

One thing to note is that PS_CLUSTERSEQ a value of zero should not be used if you wish to cluster.

#-- Cluster setup parameters -----------------------------------------
 
# This value is a percentage from 0 - 100%
PS_FAILOVERTHREASHOLD = 100
 
# The first server , note we add clusterseq, and failover threshold
# to work as a cluster, 
# NOTE: the CLUSTERSEQ needs to be 1 or higher, if zero it works differently.
 
PS_IP          = 192.168.10.1
PS_CONMIN      = 1
PS_CONMAX      = 3
PS_CONSTEP     = 1
PS_TIMEOUT     = 75
 
# These default to 44443 so leave them to do that, they will default to 44443.
#PS_AUPORT      = 44442
#PS_AZPORT      = 44443
#PS_ACPORT      = 44441
PS_CLUSTERSEQ  = 1
 
 
# Subsequent servers in the cluster, values default to those in 
# the first server where not specified
 
PS_1_IP        = 192.168.10.2
PS_1_CLUSTERSEQ  = 1
 
PS_2_IP        = 192.168.11.1
PS_2_CLUSTERSEQ  = 2
 
PS_3_IP        = 192.168.11.2
PS_3_CLUSTERSEQ  = 2

Run and Transaction Settings

#-- Run and Transaction settings ------------------------------------- ## To test cluster failover, this test program does a simple# isprotected, logon, and access and then repeats that # a number of times after doing a small sleep between # each transaction. # below are the parameters to influence the run repeat# they are commented out, since those are the default values # Num times to repeat transaction# Time to wait between transactions (default is 1000 millisec) #RUNTRANS_NUM_TIMES = 1000#RUNTRANS_SLEEP_TIME = 1000 ## Resource to be tested against and user that# will try to logon and access the resource. RESOURCE_NAME               = /testrealm2/private.htmlUSER_NAME      = test1USER_PWD       = password

Environment

Release:
Component: SMSDK
Powered by Wolken Software