Use of failover cookies with existing WebSEAL features

The following information discusses the impact of the non-sticky failover solution to other WebSEAL features.

• Switch-user

  Failover authentication is not supported for the switch user feature. Therefore, the non-sticky failover solution is also not supported.

• Authentication methods

  The non-sticky failover solution does not affect other supported WebSEAL authentication methods.

• Reauthentication

  The non-sticky failover solution does not affect reauthentication because reauthentication does not change the user's session ID.

• Authentication strength (step-up)

  The non-sticky failover solution does not affect authentication strength policy (step-up) because authentication strength does not change the user's session ID.

• Credential refresh

  The tagvalue_failover_amweb_session_id stanza entry in the [credential-refresh-attributes] stanza of the WebSEAL configuration file allows us to preserve the session ID information in a user's credential during a credential refresh operation. However, the credential refresh command cannot be used to control credential refresh across multiple replica servers. If you perform a credential refresh operation in a server cluster environment, we must issue the credential refresh command to each replica member of the replica set.

Parent topic: Failover for non-sticky failover environments