
Configuring High Availability for Identity Management Components

■ DOMAIN_HOME/config/fmwconfig/oamkeystore — keystore containing keys and certificates OAM/Oracle Security Token Service owns
■ DOMAIN_HOME/config/fmwconfig/amtruststore — keystore containing the trust anchors used for X.509 certificate validation
■ DOMAIN_HOME/config/fmwconfig/amcrl.jar — zip file containing CRLs used for certificate revocation
■ DOMAIN_HOME/config/fmwconfig/default-keystore.jks — OWSM keystore used to store keys and certificates used by the OWSM Agent, as well as trust anchors used to validate X.509 certificates for WSS operations

8.8.3.2.7 External Dependencies

Oracle Security Token Service has external dependencies on the:

■ LDAP based Identity Store – User Identity Repository – LDAP access abstracted by the UserRole API
■ OCSP Responder Service – Real-time X.509 Certificate Validation
■ RDBMS Policy Store – Policy Authentication and Authorization Repository – RDBMS access abstracted by the OAM policy engine

8.8.3.3 Oracle Security Token Service High Availability Configuration Steps

Oracle Security Token Service High Availability is configured as part of Oracle Access Manager. All Oracle Security Token Service system configuration is done using the Oracle Access Manager Console. See Section 8.8.4, Oracle Access Manager High Availability Configuration Steps for steps to configure OAM.

8.8.3.4 Validating Oracle Security Token Service High Availability

You can verify that Oracle Security Token Service endpoints are up and running on each of the Oracle Security Token Service servers. To do so, access the WSDL document of an Oracle Security Token Service endpoint directly on that server: https://[hostname:port]/sts/[ENDPOINT]?WSDL. Replace [hostname:port] with the server's own host and port and [ENDPOINT] with an existing published endpoint.
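A small validation script for the check above, added here as an example and not part of the guide: it builds the per-server WSDL URL, fetches it from each managed server directly (so a dead node is not masked by the load balancer) over TLS verified against a CA bundle, and accepts only a genuine wsdl:definitions document with a port address. The hostnames, port, endpoint name, CA path and the sample WSDL are constructed placeholders.

```python
import ssl
import urllib.request
import xml.etree.ElementTree as ET

WSDL_NS = "{http://schemas.xmlsoap.org/wsdl/}"
# Constructed placeholders: STS servers probed one by one (not via the LBR), the
# published endpoint name, and a minimal known-good WSDL used as sample input.
STS_SERVERS = [("sts-host1.example.com", 14100), ("sts-host2.example.com", 14100)]
ENDPOINT = "published-endpoint-name"
SAMPLE_WSDL = (b'<wsdl:definitions xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/" '
               b'xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"><wsdl:service name="sts">'
               b'<wsdl:port name="p"><soap:address location="https://sts-host1.example.com:14100/sts/x"/>'
               b'</wsdl:port></wsdl:service></wsdl:definitions>')


def wsdl_url(host, port, endpoint):
    """Per-server WSDL URL from the guide: https://[hostname:port]/sts/[ENDPOINT]?WSDL"""
    return f"https://{host}:{port}/sts/{endpoint}?WSDL"


def check_wsdl(body):
    """Return (ok, detail). ok only for a wsdl:definitions document with a port address,
    so an HTTP 200 carrying an HTML error page or an empty body is not 'endpoint up'."""
    try:
        root = ET.fromstring(body)
    except ET.ParseError as exc:
        return False, f"not well-formed XML: {exc}"
    if root.tag != WSDL_NS + "definitions":
        return False, f"root element is {root.tag}, not wsdl:definitions"
    addresses = [el.get("location") for el in root.iter()
                 if el.tag.endswith("}address") and el.get("location")]
    if not addresses:
        return False, "no service port address in WSDL"
    return True, addresses


def probe(host, port, endpoint, cafile, timeout=10):
    """Fetch one server's WSDL over TLS verified against cafile and validate it."""
    try:
        ctx = ssl.create_default_context(cafile=cafile)  # verifies chain and hostname
        with urllib.request.urlopen(wsdl_url(host, port, endpoint), context=ctx, timeout=timeout) as r:
            return check_wsdl(r.read())
    except (OSError, ValueError) as exc:  # refused, timeout, TLS failure, HTTP error
        return False, f"{host}:{port}: {exc}"


if __name__ == "__main__":
    print("sample WSDL check:", check_wsdl(SAMPLE_WSDL))
    for host, port in STS_SERVERS:
        ok, detail = probe(host, port, ENDPOINT, "/path/to/ca.pem")  # placeholder CA bundle
        print(f"{host}:{port} {'UP' if ok else 'DOWN'} {detail}")
```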

8.8.3.5 Oracle Security Token Service Failover and Expected Behavior

This section describes Oracle Security Token Service failover characteristics in a high availability environment. Oracle Access Manager Access Servers support a heartbeat check--a ping request over HTTP. In addition, the WebLogic Node Manager on the Managed Server can monitor the application and restart it if necessary.

Note: Oracle Access Manager always connects to one Identity store, which can be a physical server or a load balancer IP. If the primary is down, Oracle Access Manager reconnects and expects the load balancer to connect it to the secondary.

Oracle Fusion Middleware High Availability Guide

If a WebLogic Server node fails, external connection failover is based on the configuration, the retry timeout, and the number of retries. Oracle Access Manager Agent-Access Server failover is based on a timeout. When the load balancing router or proxy server detects a WebLogic Server node failure, subsequent client connections route to the active instance, which picks up the session state from the Coherence Distributed Object Cache and continues processing. Front Channel HTTP bindings use a load balancing router for failover. When it receives an exception from another service, Oracle Access Manager retries external connection requests. The number of retries is configurable and includes a no-retries option.

See the following topics for more information:

■ Section 8.8.2.2.1, WebLogic Server Crash
■ Section 8.8.2.2.2, Node Failure
■ Section 8.8.2.2.3, Database Failure

8.8.3.5.1 Death Detection and Restart

OAM/Oracle Security Token Service Access Servers support a heartbeat check in the form of a ping request sent over HTTP. Also, the WebLogic Node Manager on the managed server can monitor the application and restart it if it is not running. Restarting an OAM Access Server does not affect any other cluster components or members.

8.8.3.5.2 Node Failure

External connection failover is based on the configuration, the retry timeout, and the number of retries. The LBR or Proxy Server detects node failure, and subsequent client connections are routed to the active instance, which picks up the session state from the Coherence Distributed Object Cache (DOC) and continues with the processing.

8.8.3.6 Disabling and Enabling Oracle Security Token Service