Specify the master authentication server (MAS)
We must specify which server machine in the e-community is to function as the master authentication server (MAS). We must also specify if a server machine is not the MAS.
Use the is-master-authn-server stanza entry to specify whether a server is the MAS or not. Values include "yes" or "no".
For example:
[e-community-sso] is-master-authn-server = yesMultiple WebSEALs can be configured to act as master authentication servers and then placed behind a load balancer. In this scenario, the load balancer is "recognized" as the MAS by all other WebSEAL servers in the e-community.
If the server we are configuring is not the MAS, use the master-authn-server to specify to this server the location of the MAS.
If the is-master-authn-server stanza entry is set to "no", this stanza entry must be uncommented and specified. The stanza entry identifies the fully qualified domain name of the MAS.
For example:
[e-community-sso] master-authn-server = mas.dA.comAdditionally, you can specify the HTTP and HTTPS listening ports used by the MAS if these port values are other than the default (port 80 for HTTP and port 443 for HTTPS).
If e-community-sso-auth enables HTTP e-community authentication and the master authentication server listens for HTTP requests on a port other than the standard HTTP port (port 80), the master-http-port stanza entry identifies the non-standard port. This stanza entry is ignored if this server is the master authentication server. By default, this stanza entry is disabled.
[e-community-sso] master-http-port = port-numberIf e-community-sso-auth enables HTTPS e-community authentication and the master authentication server listens for HTTPS requests on a port other than the standard HTTPS port (port 443), the master-http-port stanza entry identifies the non-standard port. This stanza entry is ignored if this server is the master authentication server. By default, this stanza entry is disabled.
[e-community-sso] master-https-port = port-number
Parent topic: Configuration of e-community single sign-on