search cancel

Recommendations for configuring SiteMinder Session Server Failover.


Article ID: 53733


Updated On:


CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On



Customer would like to know if there are recommendations or best practices for configuring session server failover.


SiteMinder support have identified some problems when multiple policy servers are pointing to multiple Session Stores.

If you want to define several session stores and hence several database instances, all the policy server must point to the same Data Source Names in the same order.

To clarify the above statement, for instance if you have 3 policy servers and 2 Database instances (DB1 and DB2), then all the policy server must have the same configuration in the SiteMinder Management Console, in this case the configuration should look like:

  DB1, DB2 

In the case you have mixed configurations, for instance:

  DB1, DB2 -> Policy Server 1 
  DB2, DB1 -> Policy Server 2 & 3 

You can expect problems when end users try to log into persistent realms. The issue is because policy server 1 will not be able to validate sessions created by the other policy servers since those sessions are in other database.

I also want to point out that the Policy Server checks the health of the database connection every 15 seconds, as long as the policy server can connect to the database, the connection will be marked as good. However, in case of database issues like lack of space or lock tables, the policy server will not fail over to the next available Data Source Name.

Similar problems have been reported when database replication is being used and the issue is same, so in case you want to implement Database Replication you have to be sure that session server information is available in both databases at the same time otherwise you can expect problems.


Component: SMPLC