Maintenance Page / Failover URL

This topic has 3 replies, 3 voices, and was last updated 2 weeks, 3 days ago by Jatinder Singh.

  • Author
    Posts
  • #28311
     sstenger
    Participant

    Before implementing ForgeRock IG and AM, on a physical load balancer we leveraged a health monitor and an http template that together gave us the the ability to route users to a maintenance page during planned outages, as well as route users to a failover url in the event that all backend nodes were unavailable. The health monitor did an HTTP GET against a specific page expecting a status code of 200, else it routed users to the failover URL. During a planned outage, we simply renamed the file to route users to the maintenance page. Afterwards we renamed the file back routing users back to the home page. Does ForgeRock IG or AM, have similar built-in functionality. If not, where does it make the most sense to implement? AM trees, scripted node, IG handler?

    Thanks,
    SS

    #28313
     Jatinder Singh
    Participant

    You can configure your LB to ping AM instance at /openam/isAlive.jsp to check if it’s running. Based on a response status you can configure your LB to route accordingly. For IG it’s similar strategy, you could implement a static route e.g. /ping that would return 200 plus body (optional). Based on IG’s /ping response, LB will route request accordingly.

    #28318
     Scott Heger
    Participant

    Keep in mind that you can modify the isAlive.jsp page to fit your needs. By default it makes an authenticated call to the config store and if that is successful it will return an HTTP 200 response along with a message body that has the text “Server is ALIVE:”. If that call to the config store is unsuccessful then isAlive.jsp returns an HTTP 500 response. Being a simple JSP you can modify that to return or do whatever you want it to. Of course if the server’s container (e.g. Tomcat) is actually down then your health monitor would get a connection timeout when calling that page. As Jatinder mentioned, IG could also help, assuming you have IG in front of AM. In either case you would have to trigger something to make either AM or IG act differently with regard to the healthcheck in order to make your health monitor route properly.

    Oh and @jsingh if you are looking for some work (based on your name), hit me up on LinkedIn. I’ve got plenty. :)

    #28319
     Jatinder Singh
    Participant

    +1 to Scott’s answer.

    @shegergmail-com Thanks. I’ll ping you.

Viewing 4 posts - 1 through 4 (of 4 total)

You must be logged in to reply to this topic.

©2020 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.

Log in with your credentials

Forgot your details?