This topic has 2 replies, 2 voices, and was last updated 4 years ago by bmccraw.

    I’ve worked with multi-server architectures in AM for a while now, but I’ve never configured them in a site. Each server is configured as “openam” so they essentially all shared the exact same configuration (stored in an external DS). Am I missing some benefit of sites?

    I’m using the AWS Application Load Balancer, so I can’t configure it to honor the amlbcookie. I let it utilize its own cookie for sticky-sessions to keep requests going to the same AM server. The cookie domain is set to the load balancer URL, so my sessions are generating on the proper domain.

    I want to make sure I’m configured correctly. We haven’t had an issue running like this for months, so I’m trying to decide if there’s business value in re-architecting our devops infrastructure to give each container a serverUrl vs just letting the serverUrl and the lbPrimaryUrl be the same.

    Thanks for any help you can give!

    – Brandon McCraw

     Warren Strange

    In the “DevOps” examples using Kubernetes, all AM servers are indeed clones of each other. You could create another site, but you would need to modify the installation to create a second set of AM servers (openam2, etc). It probably makes more sense just to create another deployment rather than use the sites features.

    You are correct on amlbcookie – you need to use an application L7 LB cookie for stickiness. We use the nginx ingress, and let it create and manage the LB cookie.


    Ah! Thanks Warren. I’d seen clones mentioned but I never realized that’s what it meant. Good to know sites aren’t necessary for multi-server deployments and that we didn’t implement a poor solution.
