October 5, 2020 at 5:37 pm #28311 sstenger Participant
Before implementing ForgeRock IG and AM, on a physical load balancer we leveraged a health monitor and an HTTP template that together gave us the ability to route users to a maintenance page during planned outages, as well as route users to a failover URL in the event that all backend nodes were unavailable. The health monitor did an HTTP GET against a specific page expecting a status code of 200, else it routed users to the failover URL. During a planned outage, we simply renamed the file to route users to the maintenance page. Afterwards we renamed the file back, routing users back to the home page. Does ForgeRock IG or AM have similar built-in functionality? If not, where does it make the most sense to implement? AM trees, scripted node, IG handler?
SS
October 5, 2020 at 9:10 pm #28313 Jatinder Singh Participant
You can configure your LB to ping the AM instance at /openam/isAlive.jsp to check if it's running. Based on the response status you can configure your LB to route accordingly. For IG it's a similar strategy: you could implement a static route, e.g. /ping, that would return 200 plus a body (optional). Based on IG's /ping response, the LB will route requests accordingly.
October 7, 2020 at 1:23 am #28318 Scott Heger Participant
Keep in mind that you can modify the isAlive.jsp page to fit your needs. By default it makes an authenticated call to the config store and if that is successful it will return an HTTP 200 response along with a message body that has the text “Server is ALIVE:”. If that call to the config store is unsuccessful then isAlive.jsp returns an HTTP 500 response. Being a simple JSP you can modify that to return or do whatever you want it to. Of course if the server’s container (e.g. Tomcat) is actually down then your health monitor would get a connection timeout when calling that page. As Jatinder mentioned, IG could also help, assuming you have IG in front of AM. In either case you would have to trigger something to make either AM or IG act differently with regard to the healthcheck in order to make your health monitor route properly.
Oh and @jsingh if you are looking for some work (based on your name), hit me up on LinkedIn. I've got plenty. :)
October 7, 2020 at 3:38 pm #28319
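The health-check behaviour described in the replies above, as an added example that is not part of the original thread or ForgeRock's own code: a probe that tells apart the three isAlive.jsp outcomes (200 with the "Server is ALIVE:" body, 500, no response at all) and falls back to a failover URL when no node is healthy. The host names, the failover URL and the function names are assumptions made for illustration.

```python
import urllib.error
import urllib.request

ALIVE_MARKER = "Server is ALIVE:"  # body text the thread says isAlive.jsp returns


def classify(status, body):
    """Map one probe result to a node state.

    status is None when no HTTP response arrived (refused or timed out).
    """
    if status is None:
        return "container_down"            # e.g. Tomcat is not running
    if status == 200 and ALIVE_MARKER in body:
        return "healthy"
    if status == 500:
        return "config_store_unreachable"  # isAlive.jsp could not reach the config store
    return "unexpected"                    # 200 without the marker, error pages, etc.


def probe(base_url, timeout=3.0):
    """GET <base_url>/openam/isAlive.jsp and classify the outcome."""
    url = base_url.rstrip("/") + "/openam/isAlive.jsp"
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            body = resp.read(4096).decode("utf-8", "replace")
            return classify(resp.status, body)
    except urllib.error.HTTPError as err:  # non-2xx responses are raised as errors
        return classify(err.code, "")
    except OSError:                        # URLError, refused connection, timeout
        return classify(None, "")


def route(states, failover_url):
    """Send traffic to healthy nodes; if there are none, to the failover URL."""
    healthy = [node for node, state in states.items() if state == "healthy"]
    return healthy if healthy else [failover_url]


if __name__ == "__main__":
    # Constructed probe results (no network needed); hosts are placeholders.
    sample = {
        "https://am1.example.com": classify(200, "Server is ALIVE: "),
        "https://am2.example.com": classify(500, ""),
    }
    print(route(sample, "https://failover.example.com/"))
```

Matching on the body marker as well as the status code keeps a generic 200 error page or a modified isAlive.jsp from being counted as healthy.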