Configure SSL-enabled Failover Behind a Load Balancer
If Federation Manager is behind a TCP load balancer, the load balancer passes the requests to Federation Manager, which then handles the server-side SSL processing.
To configure Federation Manager for SSL-enabled failover behind a load balancer
- Install Federation Manager on each system, specifying the same Federation Manager Administrator Password for each installation.
Note: Federation Manager can run in standalone or proxy mode, but the primary and secondary server must use the same mode.
- Run the Configuration wizard and use the same database connection information for both systems.
- The Configuration wizard prompts for the Apache Configuration information. Specify the same virtual host name in the Server Name setting for the primary and secondary Federation Manager systems. Both systems must use the same virtual host name.
If Federation Manager is using more than one virtual host or domain, modify the server.conf file for the proxy engine. The server.conf file must list all host names and domains. Add the names to the hostnames field of the Default VirtualHost.
To edit server.conf
- Navigate to the following directory:
Windows: federation_mgr_home\secure-proxy\proxy-engine\conf
UNIX: federation_mgr_home/secure-proxy/proxy-engine/conf
- Open the server.conf file in an editor.
- Go to the # Default Virtual Host section and add the names to the hostnames setting using a fully qualified URL, as follows.
<VirtualHost name="default">
hostnames="virtualhost1.ca.com, virtualhost2.ca.com"
</VirtualHost>
Note: You can specify multiple URLs for the hostnames setting, separating each entry with a comma.
- Log in to the Federation Manager UI.
- From the Infrastructure tab, select System Settings.
The Configure System Settings dialog displays.
- Change the Global Base URL to include the host and port of the Proxy Server or load balancer in your federated network. Setting this URL helps ensure that the default URL for all entities in any partnership is correct.
To modify the server.conf file
- Navigate to federation_mgr_home/secure-proxy/proxy-engine/conf.
- Open the server.conf file in an editor.
- Go to the # Default Virtual Host section.
- Add the base URL to the hostnames setting using fully qualified host names, as follows:
<VirtualHost name="default">
hostnames="defaultbaseurl.ca.com:80, newbaseurl.ca.com:80"
</VirtualHost>
Note: Specify multiple host_name:port entries for the hostnames setting, separating each entry with a comma.
- Enable SSL for the embedded Apache Web Server on the primary Federation Manager system.
- Migrate the Apache SSL configuration to the secondary system in the failover deployment.
- At the load balancer, configure multiple IP addresses for the same host name, which map to the Federation Manager system.
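The procedure above relies on the primary and secondary systems carrying the same hostnames entries and on the Global Base URL host being listed on both. The following check is an added example, not part of the product or of the original guide. It assumes server.conf uses only the syntax shown on this page and that lines starting with # are comments; the function names and the sample file contents are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

BLOCK = re.compile(r'<VirtualHost\s+name="default">(.*?)</VirtualHost>', re.S)
HOSTNAMES = re.compile(r'^\s*hostnames\s*=\s*"([^"]*)"', re.M)

def default_hostnames(conf_text):
    """Return the entries of the default VirtualHost hostnames setting, normalized."""
    # Assumption: lines starting with '#' are comments, as in "# Default Virtual Host".
    text = re.sub(r'(?m)^\s*#.*$', '', conf_text)
    block = BLOCK.search(text)
    setting = HOSTNAMES.search(block.group(1)) if block else None
    if not setting:
        raise ValueError("default VirtualHost hostnames setting not found")
    return {h.strip().lower() for h in setting.group(1).split(",") if h.strip()}

def check_failover_pair(primary_conf, secondary_conf, global_base_url):
    """Return a list of findings; an empty list means both nodes are consistent."""
    findings = []
    primary, secondary = default_hostnames(primary_conf), default_hostnames(secondary_conf)
    for entry in sorted(primary ^ secondary):
        node = "primary" if entry in primary else "secondary"
        findings.append(f"{entry} is listed only on the {node}")
    url = urlsplit(global_base_url)
    port = url.port or {"http": 80, "https": 443}.get(url.scheme)
    wanted = {url.hostname, f"{url.hostname}:{port}"}
    for node, entries in (("primary", primary), ("secondary", secondary)):
        if not wanted & entries:
            findings.append(f"Global Base URL host {url.hostname} missing on the {node}")
    return findings

# Constructed sample input, using the host names from the page's example.
PRIMARY = '''# Default Virtual Host
<VirtualHost name="default">
hostnames="defaultbaseurl.ca.com:80, newbaseurl.ca.com:80"
</VirtualHost>
'''
# Constructed drift: the secondary was never updated with the new base URL.
SECONDARY = '''# Default Virtual Host
<VirtualHost name="default">
hostnames="defaultbaseurl.ca.com:80"
</VirtualHost>
'''

if __name__ == "__main__":
    for finding in check_failover_pair(PRIMARY, SECONDARY, "http://newbaseurl.ca.com:80"):
        print(finding)
```

Run it against the server.conf text read from each system after any change to the hostnames setting or the Global Base URL.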
More information:
Federation Manager Installation
Maintaining Configuration Changes in a Failover Environment