Choose a synchronization Mode
We can choose synchronization mode types for the IBM Security Verify Access Federation component.
SAML - Single Sign-On (SSO)
Binding NameID Management Recommended Comments HTTP POST Email, Transient NEARSYNC If Single Log Out is not required, choose the SUPERASYNC mode. HTTP REDIRECT Email, Transient NEARSYNC The Service Provider or Identity Provider must resolve the SAML Artifact from the Identity Provider or Service Provider. In case of a database failover during an SSO, the SAML message must be in standby for the Service Provider or Identity Provider to be able to resolve it. HTTP Artifact Email, Transient NEARSYNC HTTP POST
HTTP ARTIFACT
HTTP REDIRECTPersistent NEARSYNC ALIAS_SVC_ALIASUSERPARTNER data is replicated in case of failover.
OpenID Connect (OIDC) or OAuth
OIDC Flow Response type Recommended Comment Authorization code code NEARSYNC The Relying Party client exchanges an authorization code for a token. In case of failover, the Relying Party gets the authorization code from the secondary database.
Implicit token
id_tokenNEARSYNC The refresh token is not generated. To improve performance, use the SUPERASYNC mode. Hybrid code
token
id_tokenNEARSYNC The Relying Party client is required to exchange an authorization code for a token. In case of failover Relying Party gets the authorization code from a secondary database.
WS Federation Single Sign-On (WSFed SSO)
Recommended HADR mode: NEARSYNC. If the single log out feature is not required we can use the SUPERASYNC mode.SAML 1.1
SAML 1.1 Flow Binding Recommended Comment Single Sign-On HTTP POST SUPERASYNC Single Sign-On HTTP Artifact NEARSYNC The Service Provider or Identity Provider must resolve the SAML Artifact from the Identity Provider or Service Provider. In case of a database failover during an SSO, the SAML message must be in standby for the Service Provider or Identity Provider to be able to resolve it.
For information on synchronization mode types for the IBM Security Verify Access Advanced Access Control component, see Choose a synchronization mode for the Advanced Access Control component.
Parent topic: DB2 HVDB High Availability Disaster Recovery (HADR) guideline