Login Server Controlling User Store Writes
The location of LDAP writable masters can constrain a SiteMinder deployment. Consider using one or more centralized login servers to eliminate requirements for writable masters in each data center.
The following diagram illustrates:
- A multiple data center deployment in which:
- A login server in data center two and data center three.
When users request access to a protected URL in data center one:
- The Web Agent redirects the request to the login server in data center two. The redirect is based on the authentication scheme that is protecting the resource.
Note: For more information about authentication schemes, see the Policy Server Configuration Guide.
- The Policy Server in data center two authenticates the user and writes to the master user store.
- The Policy Server creates a SiteMinder session ticket and passes it back to the original protected URL.
Note: For more information about user sessions, see the Policy Server Configuration Guide.
- A Web Agent places the SiteMinder session ticket into a cookie. The Web Agent uses the cookie to handle subsequent authentication and authorization requests in the data center until the session expires or the user requests another resource that requires additional credentials.