Managing A Cluster Of Access Gateways - Novell ACCESS MANAGER 3.1 SP1 - GATEWAY GUIDE Manual

IMPORTANT: Changing the reverse proxy that is used for authentication is not a trivial task. For
example, if you have customized the logout options on your Web servers to redirect the logout
request to the Logout URL of the current authentication reverse proxy, you need to modify these
options to point to a new Logout URL.
If you have set up SSL connections, you need to change your certificate configurations.
To select the reverse proxy to use for authentication:
1 In the Administration Console, click Devices > Access Gateways > Reverse Proxy /
Authentication.
2 In the Embedded Service Provider section, select a value for the Reverse Proxy option. This is
the reverse proxy that is used for authentication.
The screen is refreshed and the Metadata URL, Health-Check URL, and Logout URL are
rewritten to use the selected reverse proxy.
3 (Conditional) If your Access Gateway certificates were generated by a different certificate
authority than your Identity Server certificates, you need to import the trusted root of the
Identity Server into the trusted root keystore of the Embedded Service Provider. Click Auto-
Import Identity Server Configuration Trusted Root, click OK, specify an alias, click OK, then
click Close.
If you don't know whether you need to import the trusted root, click the option. If the trusted
root is already in the keystore, the duplicate key is not imported and you are informed of this
condition.
4 In the Reverse Proxy List, click the name of the reverse proxy that you have selected for
authentication.
5 If you have enabled SSL between the Embedded Service Provider and the Identity Server, you
need to import the trusted root of the Embedded Service Provider into the trusted root keystore
of the Identity Server. Click Auto-Import Embedded Service Provider Trusted Root, click OK,
specify an alias, click OK, then click Close.
If you don't know whether you need to import the trusted root, click the option. If the trusted
root is already in the keystore, the duplicate key is not imported and you are informed of this
condition.
6 To save your changes to browser cache, click OK.
7 To apply the changes, click the Access Gateways link, then click Update > OK.
8 (Conditional) If you have customized Web logout pages, update them to use the new Logout
URL.

6.4 Managing a Cluster of Access Gateways

Most of the configuration tasks are the same for a single Access Gateway and a cluster of Access
Gateways. (For information on how to create a cluster of Access Gateways, see
Gateways" in the
are specific to managing the servers of an existing cluster:
Section 6.4.1, "Managing the Servers in the Cluster," on page 167
Section 6.4.2, "Changing the Primary Cluster Server," on page 168
Section 6.4.3, "Applying Changes to Cluster Members," on page 168
166 Novell Access Manager 3.1 SP1 Access Gateway Guide
Novell Access Manager 3.1 SP1 Setup
"Clustering Access
Guide.) This section describes the tasks that