1

I have a system where we have 6 java application servers all protected by an OpenAM agent. We only have 1 agent configured in openAm and everything works fine. I did notice if I kill a session in openam the agent took a while to notice (probably the length of time the agent has things cached for).

I started wondering recently about 'Agent Notification URL' this can only be configured to one URL per agent configured so how can my 6 application servers get notifications? Do I have to configure 6 agents identically, only difference being the 'Agent Notification URL', to get notifications working to all agents/app server?

Any help/guidance here appreciated as the documentation on this is pretty poor.

user260495
  • 117
  • 2
  • 13

1 Answers1

0

You should create an AgentGroup and one agent profile (so 6) for each application server. Assign the agent profiles to the group and make it inherit all settings from the AgentGroup but 'debug' level (so that you can configure it per agent profile).The notification url will then be unique for the Agent and OpenAM will send out an notification to all agents that registered for notification. Make sure that each OpenAM instance can communicate with the 'notification urls' (if TLS is in the play, make sure OpenAM JVM's trust in configured properly)

Bernhard Thalmayr
  • 2,674
  • 1
  • 11
  • 7
  • Thanks. So the agent group will have all the settings of my current group and the groups will then only override the notificaiton URL? I'm not sure what you mean by 'debug' level, is there any good documentation out there on doing something like this? – user260495 Feb 24 '17 at 10:26
  • the agent profile will override the notification URL, not the agent group. 'debug' level is just one property of the agent profile, which you might not inherit from the agent group. https://backstage.forgerock.com/docs/openam/13.5/admin-guide/chap-agents#create-agent-group https://backstage.forgerock.com/docs/openam/13.5/admin-guide/chap-agents#configure-web-policy-agent https://backstage.forgerock.com/docs/openam/13.5/admin-guide/chap-agents#configure-j2ee-policy-agent – Bernhard Thalmayr Feb 24 '17 at 19:54