Use of failover cookies with existing WebSEAL features
The following information describes how the non-sticky failover solution affects other WebSEAL features.
- Switch-user
Failover authentication is not supported for the switch user feature. Therefore, the non-sticky failover solution is also not supported with switch user.
- Authentication methods
The non-sticky failover solution does not affect other supported WebSEAL authentication methods.
- Reauthentication
The non-sticky failover solution does not affect reauthentication because reauthentication does not change the user's session ID.
- Authentication strength (step-up)
The non-sticky failover solution does not affect authentication strength policy (step-up) because authentication strength does not change the user's session ID.
- Credential refresh
The tagvalue_failover_amweb_session_id stanza entry in the [credential-refresh-attributes] stanza of the WebSEAL configuration file lets you preserve the session ID information in a user's credential during a credential refresh operation. However, a single credential refresh command cannot control credential refresh across multiple replica servers. If you perform a credential refresh operation in a server cluster environment, you must issue the credential refresh command to each replica member of the replica set.
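Because each replica is handled separately during credential refresh, it helps to confirm that every replica's configuration file carries the session ID entry. The following is an added example, not IBM code: it assumes `preserve` is the value that keeps the attribute, and the replica names, the `other-stanza` name and the config text are constructed. It looks only for the explicit entry named above and does not evaluate wildcard rules.

```python
# Added example: audit replica WebSEAL config text for the session-ID preserve rule.
ENTRY = "tagvalue_failover_amweb_session_id"
STANZA = "credential-refresh-attributes"


def stanza_entries(conf_text, stanza):
    """Return (key, value) pairs from one stanza of a WebSEAL-style config file."""
    entries, current = [], None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):      # skip blanks and comments
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip()          # entering a new stanza
        elif current == stanza and "=" in line:
            key, _, value = line.partition("=")
            entries.append((key.strip(), value.strip()))
    return entries


def audit_replicas(configs):
    """Map each replica name to 'ok', 'missing', or the unexpected value found."""
    report = {}
    for name, text in configs.items():
        values = [v for k, v in stanza_entries(text, STANZA) if k == ENTRY]
        if not values:
            report[name] = "missing"
        elif values[0].lower() == "preserve":     # assumption: 'preserve' keeps the attribute
            report[name] = "ok"
        else:
            report[name] = values[0]
    return report


# Constructed sample configs for three hypothetical replicas.
SAMPLE = {
    "replica-a": "[credential-refresh-attributes]\n"
                 "authentication_level = preserve\n"
                 "tagvalue_failover_amweb_session_id = preserve\n",
    "replica-b": "[credential-refresh-attributes]\n"
                 "# tagvalue_failover_amweb_session_id = preserve\n"
                 "authentication_level = preserve\n",
    "replica-c": "[other-stanza]\n"
                 "tagvalue_failover_amweb_session_id = preserve\n"
                 "[credential-refresh-attributes]\n"
                 "tagvalue_failover_amweb_session_id = refresh\n",
}

if __name__ == "__main__":
    for replica, status in audit_replicas(SAMPLE).items():
        print(replica, status)
```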