2.1.3 Secondary authentication server
Two authentication servers can be set up in one user authentication block. One authentication server is for normal use; the other is in reserve. These two JP1/Base programs are referred to as the primary authentication server and secondary authentication server, respectively. If the primary authentication server is disabled for any reason, the system automatically switches to the secondary authentication server to prevent operations from being disrupted.
- Organization of this subsection
(1) Setting up a secondary authentication server
To set up a secondary authentication server, specify on each host which host is to serve as the secondary authentication server. If the JP1/Base version, JP1 user settings, or operating permission settings are different between the primary authentication server and the secondary authentication server, an authentication error could occur when JP1/Base switches the authentication servers. To make those settings identical, copy the settings from the primary authentication server to the secondary authentication server.
(2) Flow of processing to connect the user to the secondary authentication server if connection to the primary authentication server fails
The following figure shows the flow of processing to connect the user to the secondary authentication server if connection to the primary authentication server fails.
|
|
![[Figure]](GRAPHICS/ZU010400.GIF)
As shown in Figure 2-4, the status changes to the blocked status if the system does not attempt to reconnect to the authentication server after a connection failure. You can check the connection status via the GUI (Windows only) or by a command. The authentication server is shown as Blocked when the status of the connection is blocked.
(3) Status of the authentication server and how to select the target authentication server
The table below shows the status of the target authentication server and how to select the target authentication server.
|
Authentication server status |
How the target authentication server is selected |
|---|---|
|
Primary authentication server: Available Secondary authentication server: Available |
Host tries to connect to the primary authentication server. If connection to the primary authentication server fails, the host places the primary authentication server in blocked status and tries to connect to the secondary authentication server. If connection to the secondary authentication server fails, the host places the secondary authentication server in blocked status. |
|
Primary authentication server: Blocked Secondary authentication server: Available |
Host tries to connect to the secondary authentication server. If connection to the secondary authentication server fails, the host places the secondary authentication server in blocked status and does not try to connect to the primary authentication server. |
|
Primary authentication server: Available Secondary authentication server: Blocked |
Host tries to connect to the primary authentication server. If connection to the primary authentication server fails, the host places the primary authentication server in blocked status and does not try to connect to the secondary authentication server. |
|
Primary authentication server: Blocked Secondary authentication server: Blocked |
Host tries to connect to the primary authentication server. If connection succeeds, the blocked status on the primary authentication server is released. If connection to the primary authentication server fails, the host tries to connect to the secondary authentication server. If connection succeeds, the blocked status on the secondary authentication server is released. If connection to the secondary authentication server fails, a connection error occurs. |
If a user intentionally places both authentication servers in blocked status, the system will attempt to connect to an authentication server if a login or some other task is performed from JP1/IM - View or JP1/AJS - View. If the attempt is successful, the system releases the blocked status of the authentication servers.
Note that system operation stops if both authentication servers are blocked. You should detect the blocked status as early as possible and eliminate the cause.
To detect the blocked status, JP1/Base can automatically issue a JP1 event if the status of the connection to an authentication server changes. Issuing JP1 events enables JP1/IM - View and other programs to monitor connections to authentication servers. By default, JP1/Base does not issue such an event. For details on how to issue a JP1 event, see 4.3 Detecting abnormal process termination and authentication server switching.
If an error on the primary authentication server is resolved while you are connected to the secondary authentication server, manually release the blocked status of the primary authentication server. For details on how to release the blocked status, see 8.4 Setup for handling the blocked status (using a secondary authentication server).
- Note
-
The target authentication server is switched only in the event of a communication error or if the authentication server has not started. Switching is not performed in response to a typing mistake or incorrect password entered by the executing user.