Oracle Security Token Service High Availability Architecture
8.8.3.1 Oracle Security Token Service High Availability Architecture
The following figure shows Oracle Security Token Service in a high availability architecture: Figure 8–14 Oracle Security Token Service High Availability Architecture 8-126 Oracle Fusion Middleware High Availability Guide This figure shows a two-node deployment of Oracle Access ManagerOracle Security Token Service components. This section provides details about an Oracle Security Token Service high availability deployment. For more details about the overall Oracle Access Manager high availability architecture, which is deployed as part of, see Section 8.8.2.1, Oracle Access Manager High Availability Architecture . Security Token Service is the server side component that implements the WS-Trust protocol support. The load balancer receives token requests and routes them to the Security Token Service STS. The Oracle Access Manager Administration console is a J2EE application that provides services to manage the Oracle Security Token Service deployment. As part of the OAM deployment, Administration Console must deploy to the Weblogic AdminServer. In Oracle Security Token Service, each WLS domain supports one Oracle Security Token Service cluster. OAMOracle Security Token Service clusters cannot span WebLogic Server domains. Oracle Security Token Service is primarily based on the OASIS WS-Trust protocol. However, Oracle Security Token Service delegates the processing of other WS- protocols present in the SOAP message to the JAX-WS stack. Oracle recommends using external LBRs for inbound HTTPSOAP connections. Outbound external connections to LDAP servers are load balanced with support for connection failover.8.8.3.1.1 Clients and Client Connections Web Service clients that implement the WS-Trust
protocol interact with Oracle Security Token Service to issue or validate tokens. Clients designed to interact with an STS server, such as OWSM Client, as part of a Web Service call to a Relying Party can invoke Oracle Security Token Service. The client connection process is as follows: 1. The Web Service client sends a SOAP message over http or https. The WSS protocol protects the message. The payload contains a WS-Trust request RST indicating the operation to perform, which kind of token to issue or validate, and additional information about the token characteristics. 2. The server processes the request and sends a response over the same channel the server received it on. The WSS protocol protects the message. The payload contains a WS-Trust response RSTRC if the processing was successful or a SOAP fault if an error occurs.8.8.3.1.2 Cluster Wide Configuration Changes Each Oracle Security Token Service Access
Server instance is a peer of other instances with no inter-instance communication. Because all initialization happens before the Server is ready to receive requests combined with built in throttling capabilities, the WebLogic Server handles surge conditions gracefully without any significant effect on Oracle Security Token Service Access Server performance characteristics. When the cluster stops, the Oracle Security Token Service denies new requests and permits existing requests to complete before the Access Server application shuts down. If a forced shutdown occurs, Oracle Security Token Service can recover for any corruptedinvalid data that the shutdown causes. Propagation of configuration changes to all the cluster members is based on a distribution mechanism that leverages the Coherence distributed object cache. The coherence layer notifies all Oracle Security Token Service components of change Configuring High Availability for Identity Management Components 8-127 events. The components then uptakes these change events. OAM components reload their entire configuration every time a change happens.8.8.3.2 Oracle Security Token Service Component Characteristics
Parts
» Oracle Fusion Middleware Online Documentation Library
» High Availability Problems High Availability Solutions
» High Availability Information in Other Documentation
» What Is the Administration Server? Understanding Managed Servers and Managed Server Clusters
» What Is a System Component Domain? What Is a Middleware Home? What Is a WebLogic Server Home?
» Oracle Fusion Middleware High Availability Terminology
» Server Load Balancing Oracle Fusion Middleware High Availability Technologies
» Local High Availability Active-Passive Deployment
» About Active-Active and Active-Passive Solutions
» Disaster Recovery Oracle Fusion Middleware High Availability Solutions
» Protection from Planned and Unplanned Down Time
» What Is a WebLogic Server Cluster? WebLogic Server Clusters and WebLogic Server Domains
» Application Failover Migration Key Capabilities of a Cluster
» Benefits of Clustering Types of Objects That Can Be Clustered
» Communications in a Cluster Cluster-Wide JNDI Naming Service
» Startup Process in a Cluster with Migratable Servers
» Administration Servers Role in Whole Server Migration Migratable Server Behavior in a Cluster
» Node Managers Role in Whole Server Migration Cluster Masters Role in Whole Server Migration
» Load Balancing Oracle Fusion Middleware Online Documentation Library
» Multi Data Sources Cluster Configuration and config.xml
» Java-Based Oracle Fusion Middleware Components Deployed to Oracle WebLogic Server
» Configuring Multi Data Sources for MDS Repositories
» Log on to SQLPlus as a system user, for example:
» Log on to SQLPlus as a user with sysdba privileges. For example:
» Configuring Multi Data Sources with Oracle RAC
» Oracle RAC Failover with WebLogic Server JDBC Clients
» Oracle Reports and Oracle Discoverer
» Troubleshooting Real Application Clusters
» SCAN Run Time Implications and Limitations
» Oracle SOA Service Infrastructure Protection from Failures and Expected Behavior
» Oracle SOA Service Infrastructure Cluster-Wide Configuration Changes
» Oracle BPEL Process Manager Request Flow and Recovery
» Oracle BPEL Process Manager Protection from Failures and Expected Behavior
» Oracle BPM Suite Component Characteristics
» Oracle BPM Suite Component Interaction
» Oracle BPMN Service Engine Single Instance Characteristics
» Oracle BPMN Service Engine High Availability Considerations
» Oracle Business Process Web Applications Single Instance Characteristics
» Oracle Business Process Analytics Single Instance Characteristics
» Oracle Mediator Component Characteristics Oracle Mediator Startup and Shutdown Lifecycle
» Oracle Mediator Request Flow
» Oracle Mediator Protection from Failures and Expected Behavior
» Troubleshooting Oracle Mediator High Availability
» Troubleshooting Oracle Human Workflow High Availability
» Oracle B2B Component Characteristics Oracle B2B Startup and Shutdown Lifecycle
» Oracle B2B Protection from Failures and Expected Behavior
» Oracle WSM Component Characteristics Oracle WSM Startup and Shutdown Lifecycle
» Oracle WSM Protection from Failures and Expected Behavior
» Oracle WSM Cluster-Wide Configuration Changes Configuring the Java Object Cache for Oracle WSM
» Configuring Distributed Notifications for the MDS Repository
» Oracle User Messaging Service Component Characteristics
» Oracle User Messaging Service Protection from Failures and Expected Behavior
» Oracle User Messaging Service Cluster-Wide Configuration Changes
» Oracle JCA Adapters Component Lifecycle
» Oracle JCA Adapters Reliability and Transactional Behavior
» Oracle JCA Adapters - Rejected Message Handling
» Oracle JCA Adapters High Availability Error Handling Oracle Database Adapters High Availability
» Oracle JMS Adapters High Availability
» Oracle JCA Adapters Log File Locations
» Oracle Business Activity Monitoring Component Characteristics
» Oracle Business Activity Monitoring Configuration Artifacts
» Oracle Business Activity Monitoring Protection from Failures and Expected Behavior
» Oracle Business Activity Monitoring Cluster-Wide Configuration Changes
» Oracle Service Bus Session State Oracle Service Bus External Dependencies
» Oracle Service Bus Configuration Artifacts Oracle Service Bus Deployment Artifacts
» Oracle Service Bus Protection from Failures and Expected Behavior
» Database Prerequisites VIP and IP Prerequisites Shared Storage Prerequisites
» Configuring Virtual Server Names and Ports for the Load Balancer
» Validating Oracle HTTP Server To verify that Oracle HTTP Server is set up
» Setting Connection Destination Identifiers for B2B Queues
» Starting Node Manager on SOAHOST2 Starting and Validating the WLS_SOA2 Managed Server
» Setting the Front End HTTP Host and Port
» Setting the WLS Cluster Address for Direct BindingRMI Invocations to Composites
» Deploying Applications Click Next.
» Configuring Server Migration for the WLS_SOA Servers
» Connect to the database as the leasing user. Run the leasing.ddl script in SQLPlus.
» Click Save. Oracle Fusion Middleware Online Documentation Library
» Enabling VIP1 and VIP3 in SOAHOST1 and VIP2 and VIP4 in SOAHOST2
» Configure Oracle Coherence for the Oracle Service Bus Result Cache
» Configuring a Default Persistent Store for Transaction Recovery Deploying Applications
» Configuring Server Migration for the WLS_OSB Servers
» Enabling VIP0 and VIP1 on BAMHOST1
» Oracle ADF Components Understanding Oracle ADF
» Oracle ADF Single Node Architecture Oracle ADF External Dependencies
» Oracle ADF Scope and Session State
» Oracle ADF Failover and Expected Behavior Oracle ADF Active Data Services
» Troubleshooting Oracle ADF Development Issues
» Deploying the ADF Application Validating Access through Oracle HTTP Server
» Select the Control tab. Select Environment Servers from the Administration Console. Select Clone.
» Oracle WebCenter Components Understanding Oracle WebCenter
» Oracle WebCenter Single-node Architecture Oracle WebCenter State and Configuration Persistence
» Oracle WebCenter External Dependencies
» Oracle WebCenter Configuration Considerations
» Oracle WebCenter Analytics Communications
» Oracle WebCenter State Replication Understanding the Distributed Java Object Cache
» Maintaining Configuration in a Clustered Environment
» Installing Oracle Fusion Middleware for Oracle WebCenter
» Enabling the Administration Server VIP
» Configuring a Virtual Host for Oracle Pagelet Producer and Sharepoint
» Configuring Activity Graph Click Start.
» Converting Discussions from Multicast to Unicast
» Configuring a Cluster for Oracle WebCenter Portal Applications
» Agent Startup and Shutdown Cycle Oracle Data Integrator External Dependencies
» Java EE Agent Configuration Standalone Agent Configuration
» Oracle Data Integrator Clustered Deployment
» WebLogic Server or Standalone Agent Crash Repository Database Failure
» About the 11g Oracle Identity Management Products
» Database Prerequisites Installing and Configuring the Database Repository
» Oracle Internet Directory Component Characteristics
» Oracle Internet Directory High Availability Architecture
» Protection from Failures and Expected Behavior
» Installing Oracle Fusion Middleware for Identity Management The next step is to
» Registering Oracle Internet Directory with a WebLogic Domain If you want to
» Creating boot.properties for the Administration Server on OIDHOST1 This section
» Configuring Oracle Internet Directory on OIDHOST2 Ensure that the Oracle Internet
» Validating Oracle Internet Directory High Availability
» Performing an Oracle Internet Directory Failover Performing an Oracle RAC Failover
» Troubleshooting Oracle Internet Directory High Availability
» Changing the Password of the ODS Schema Used by Oracle Internet Directory
» Oracle Virtual Directory Runtime Considerations Oracle Virtual Directory Component Characteristics
» Oracle Virtual Directory High Availability Architecture
» Configuring Oracle Virtual Directory on OVDHOST2 Follow these steps to configure
» Registering Oracle Virtual Directory with a WebLogic Domain It is recommended
» On the Installation Complete screen, click Finish to confirm your choice to exit.
» Troubleshooting LDAP Adapter Creation
» Oracle Directory Integration Platform Component Characteristics
» Oracle Directory Integration Platform High Availability Architecture
» Configuring Oracle HTTP Server for Oracle Directory Services Manager High
» If WebLogic Node Manager Fails to Start Operation Cannot Be Completed for Unknown Errors Message
» Oracle Directory Services Manager Component Characteristics
» Oracle Directory Services Manager High Availability Architecture
» Protection from Failures and Expected Behaviors
» Performing a WebLogic Server Instance Failover
» Using Oracle Directory Services Manager to Validate a Failover of a Managed Server
» Collocated Architecture Overview Troubleshooting Collocated Components Manager High Availability
» Additional Considerations for Collocated Components High Availability
» Oracle Access Manager Component Characteristics
» Oracle Access Manager High Availability Architecture
» Oracle Security Token Service High Availability Architecture
» Oracle Security Token Service Component Characteristics
» In the Customize Server and Cluster Configuration screen, select Yes, and click
» On the Configuration Summary screen, click Create to begin the creation process.
» Oracle Identity Manager Component Characteristics
» Runtime Processes Component and Process Lifecycle
» Starting and Stopping Oracle Identity Manager Configuration Artifacts External Dependencies
» Oracle Identity Manager High Availability Architecture
» On the Welcome screen, select Create a WebLogic Domain.
» Connect to the database as the leasing user.
» Select Environment - Servers from the Administration Console. Select Clone.
» Select the Automatic Server Migration Enabled option. This enables the Node Click Save.
» Click the OIMMSServerXXXXXX subdeployment. Add the new JMS Server
» Click Save. Authorization Policy Manager High Availability
» Oracle Adaptive Access Manager Component Characteristics
» Oracle Adaptive Access Manager High Availability Architecture
» On the Welcome screen, click Next.
» Oracle Identity Federation Component Characteristics
» High Availability Considerations for Integration with Oracle Access Manager
» Oracle Internet Directory Oracle Virtual Directory Oracle HTTP Server Node Manager
» WebLogic Administration Server Oracle Identity Manager
» Oracle Access Manager Managed Servers Oracle Adaptive Access Manager Managed Servers
» Oracle Identity Federation Starting and Stopping Oracle Identity Management Components
» Oracle HTTP Server and Oracle WebLogic Server
» Prerequisites Configuring Oracle HTTP Server for High Availability
» Install Oracle HTTP Server on WEBHOST2
» Oracle Web Cache Request Flow
» Oracle Web Cache Stateless Load Balancing
» Oracle Web Cache Backend Failover Oracle Web Cache Session Binding
» Oracle Web Cache Cluster-Wide Configuration Changes
» Oracle Web Cache as a Software Load Balancer
» From the Session Name list, select a session to enable binding for a specific
» Click Add. In the Component field, enter the name of the cache member.
» Adding a Node in Oracle Advanced Database Multimaster Replication
» Deleting a Node in Oracle Advanced Database Multimaster Replication
» Oracle IPM Component Characteristics
» Oracle IPM High Availability Architecture
» Creation of Oracle IPM Artifacts in a Cluster Troubleshooting Oracle IPM
» Oracle UCM Component Characteristics
» Oracle UCM High Availability Architecture
» Oracle UCM and Inbound Refinery High Availability Architecture
» Oracle URM High Availability Protection from Failure and Expected Behaviors
» Shared Storage Configuring the Oracle Database
» Installing Oracle ECM on ECMHOST1
» On the Welcome screen, select Create a new WebLogic domain.
» In the Select JMS Distributed Destination Type screen, select UDD from the
» Configuring Oracle HTTP Server on WEBHOST1
» Terminology for Directories and Directory Environment Variables
» Administration Server Topology 1 Transforming Oracle Fusion Middleware Infrastructure Components
» Administration Server Topology 2 Transforming Oracle Fusion Middleware Infrastructure Components
» Click Activate Changes. Choose Environment Servers. Click Control. Select WLS_EXMPL. Click Start.
» Transforming Oracle Internet Directory and Its Clients
» Select the Connect to a directory -- Create A New Connection link in the
» Click JDBC Connection under Data Sources.
» Click Administration. Click Scheduler Configuration under System Maintenance Click Apply.
» Database Instance Platform-Specific Considerations
» Example Topology 1 Example Topology 2
» Destination Topologies Cold Failover Cluster Transformation Procedure
» Introduction to Oracle Clusterware Cluster Ready Services and Oracle Fusion Middleware
» Upgrading Older Versions of ASCRS to the Current ASCRS Version Installing ASCRS
» Configuring ASCRS with Oracle Fusion Middleware
» Creating a Virtual IP Resource Creating a Shared Disk Resource
» Creating an Oracle Database Listener Resource Creating an Oracle Database Resource
» Creating a Middleware Resource
» Updating Resources Starting Up Resources Shutting Down Resources Resource Switchover
» Oracle Portal, Forms, Reports, and Discoverer Architecture
» Oracle Forms Runtime Considerations Oracle Forms Process Flow
» Oracle Forms Configuration Files Oracle Forms External Dependencies Oracle Forms Log Files
» Oracle Discoverer Runtime Considerations
» Preference Server Failover Session State Replication and Failover Performance Recommendation
» Dependencies Network Requirements Prerequisites
» Install Oracle WebLogic Server Install Oracle Portal, Forms, Reports, and Discoverer Validation
» Oracle BI EE Component Characteristics
» Oracle BI EE and EPM High Availability Architecture
» Shared Files and Directories
» Cluster-Wide Configuration Changes Oracle BI EE High Availability Concepts
» Oracle Essbase Component Characteristics
» Oracle Essbase High Availability Architecture Protection from Failures and Expected Behaviors
» Oracle Hyperion Provider Services Component Characteristics
» Oracle Hyperion Provider Services High Availability Architecture
» Workspace Component Characteristics Oracle EPM Workspace Component Architecture
» Workspace High Availability Architecture
» Oracle Hyperion Financial Reporting Component Characteristics
» Oracle BI Publisher Component Characteristics
» Oracle BI Publisher High Availability Architecture
» Oracle RTD Component Characteristics
» Oracle RTD High Availability Architecture
Show more