7.1.3 Logical configuration of the SSO cluster system
The SSO cluster system has one of the three logical configurations shown below. The logical configuration varies depending on the user authentication method used by the SSO console.
-
Configuration in which user authentication is not performed or in which JP1/Base is not used for SSO authentication
-
Configuration in which JP1/Base exists on the physical hosts
-
Configuration in which JP1/Base exists on the logical host
The above logical configurations of the SSO cluster system are described below.
- Organization of this subsection
(1) Configuration in which JP1/Base is not used
The following figure shows a cluster environment configuration in which JP1/Base is not used.
The following is a conceptual diagram of a resource group when the SSO resource is added to a resource group created by NNMi or by a user, in a configuration in which JP1/Base is not used.
(2) Configuration in which JP1/Base exists on the physical hosts
The following figure shows a cluster environment configuration in which JP1/Base exists on the physical hosts.
The following figure shows an overview of JP1 authentication in a configuration in which JP1/Base exists on the physical hosts.
SSO connects to the authentication server via the JP1/Base on a physical host. Therefore, the authentication server must be set in JP1/Base on both physical hosts. When a physical SSO host is authenticated, the JP1/Base on that host does not need to run.
Note that in this configuration, JP1/Base is not included in the resource group.
The following is a conceptual diagram of the resource group in a configuration in which JP1/Base exists on the physical hosts.
(3) Configuration in which JP1/Base exists on a logical host
The following figure shows a cluster environment configuration in which JP1/Base exists on the logical host.
The following figure shows an overview of JP1 authentication in a configuration in which JP1/Base exists on the logical host.
The authentication server is set in each instance of JP1/Base on the logical host. In addition, in the ssoconsoled action definition file (ssoconsoled.def), the logical-hostname: key is set to the logical host name. The initial value of this key is none, which specifies that the setting on a physical host will be used.
For details on the ssoconsoled action definition file (ssoconsoled.def), see 6.3.23 ssoconsoled action definition file (ssoconsoled.def).
The following is a conceptual diagram of the resource group in a configuration in which JP1/Base exists on the logical host.