Configure failover authentication
We can configure WebSEAL for failover authentication.
To configure failover authentication, complete the following tasks:For information about the configuration entries related to these tasks, see the web reverse proxy Stanza Reference topics in the IBM Knowledge Center.
Steps
- Stop the WebSEAL server.
- To enable failover authentication, complete each of the following tasks:
- Protocol for failover cookies
- Generating a key pair to encrypt and decrypt cookie data
- Specify the failover cookie lifetime
- Specify UTF-8 encoding on cookie strings
- Add the authentication strength level
- Reissue of missing failover cookies
- Optionally, we can configure WebSEAL to maintain session state across failover authentication sessions. If this configuration is appropriate for your deployment, complete the following instructions:
- Addition of session lifetime timestamp
- Add the session activity timestamp
- Addition of an interval for updating the activity timestamp
- Optionally, we can configure WebSEAL to add extended attributes to the failover cookie:
- When WebSEAL is configured to add attributes to the failover cookie, configure WebSEAL to extract the attributes when reading the cookie:
- Optionally, we can enable failover authentication cookies for use on any WebSEAL server in the domain. If this configuration is appropriate for your deployment, see:
- To maintain compatibility with failover authentication cookies generated by WebSEAL servers from versions before version 8.0, complete the instructions in Enable compatibility for failover cookies.
- To maintain compatibility with failover authentication cookies generated by WebSEAL servers from versions before version 6.0, complete the following instructions:
- Specify UTF-8 encoding on cookie strings
- Validation of a lifetime timestamp
- Validation of an activity timestamp
- After completing all the instructions applicable to your deployment, restart the WebSEAL server.
Parent topic: Failover authentication configuration