
LDAP HTTP Session Manager

Note: this component has a complexity level of "expert", which means that objects of this type are not expected to be created or altered. Please contact UnboundID support for assistance if you believe that you have a need to create or modify this type of object.

The LDAP HTTP Session Manager supports session clustering by persisting sessions to a remote directory service over LDAP. Session clustering should be used to support session failover between Identity Broker instances as well as environments that have a large number of users and sessions. This feature is experimental and should not be used unless instructed to do so by UnboundID support.

The Identity Broker instance that receives an HTTP request caches the session locally and writes any changes to the session through to the cluster when request processing completes. Web application and HTTP servlet extensions must store only Serializable objects in the session and must call the Session.setAttribute() methods to ensure changes are persisted.
This session clustering mechanism should be used with an HTTP load balancer that supports stickiness. For load balancers that examine the session ID, the LDAP HTTP Session Manager appends the Identity Broker instance ID to the session ID, which may be used for routing.


Parent Component

The LDAP HTTP Session Manager component inherits from the HTTP Session Manager.

Relations from This Component

The following components have a direct aggregation relation from LDAP HTTP Session Manager:

Properties

The properties supported by this managed object are as follows:


Basic Properties:
description
session-tracking-mode
session-idle-time-limit
session-flush-interval
scavenge-interval
load-balancing-algorithm
base-dn

Advanced Properties:
None

Basic Properties

description

Description
A description for this HTTP Session Manager
Default Value
None
Allowed Values
A string
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

session-tracking-mode

Description
Specifies the mechanism used to track HTTP sessions between subsequent requests. Use of cookies is the most common and simplest way to track HTTP sessions. In such a case the server will send a cookie with the session ID to the client so that the session will be recognized in subsequent requests. However, some clients may not support cookies and end users may disable their use in browsers. In such cases URL rewriting can be used as a workaround, which includes the session ID as a query parameter in the request URL. Not only will the session ID be visible to end users, but all web application and HTTP servlet extensions must also include the session ID when generating URLs. The additional security risk and possible extra programming necessary should be considered when deciding whether to support URL rewriting.
Default Value
cookie
url
Allowed Values
cookie - Sessions will be tracked using HTTP cookies.

url - Sessions will be tracked using URL rewriting.
Multi-Valued
Yes
Required
No
Admin Action Required
None. Modification requires no further action

session-idle-time-limit

Description
Specifies the maximum length of time that a session may be idle before it expires and is invalidated. A duration of zero hours indicates that sessions will never expire.
Default Value
24h
Allowed Values
A duration. Lower limit is 0 seconds. Upper limit is 2147483647 seconds.
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

session-flush-interval

Description
Specifies the interval at which session access times are periodically flushed to the remote directory service and locally cached sessions are reloaded from the remote directory service. This prevents the directory service from being overloaded when a session is accessed very frequently without any changes to the attributes. However, if the session attributes are updated, then the session is persisted immediately.
Default Value
60s
Allowed Values
A duration. Lower limit is 1 second. Upper limit is 2147483647 seconds.
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

scavenge-interval

Description
Specifies the interval at which the background scavenging task checks for expired sessions in the remote directory service.
Default Value
10m
Allowed Values
A duration. Lower limit is 0 seconds. Upper limit is 2147483647 seconds.
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

load-balancing-algorithm

Description
Specifies the default load-balancing algorithm that will be used to select the backend server for persisting sessions using this LDAP HTTP Session Manager.
Default Value
None
Allowed Values
The DN of any Load Balancing Algorithm. Load-balancing algorithms associated with LDAP HTTP Session Manager must be enabled.
Multi-Valued
No
Required
Yes
Admin Action Required
The LDAP HTTP Session Manager must be disabled and re-enabled for changes to this setting to take effect. Any HTTP connection handlers must be restarted before changes will take effect.

base-dn

Description
Specifies the base DN where session entries will be managed.
Default Value
None
Allowed Values
A valid DN.
Multi-Valued
No
Required
Yes
Admin Action Required
None. Modification requires no further action


dsconfig Usage

To list the configured HTTP Session Managers:

dsconfig list-http-session-manager
     [--property {propertyName}] ...

To view the configuration for an existing HTTP Session Manager:

dsconfig get-http-session-manager-prop
     --manager-name {name}
     [--tab-delimited]
     [--script-friendly]
     [--property {propertyName}] ...
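
A read-only check for the two settings on this page that affect session exposure: session-tracking-mode containing url and a zero session-idle-time-limit. This is an added example, not part of the UnboundID documentation. It assumes the property values have been exported as name<TAB>value lines, one value per line; that layout and the function names are assumptions, not documented dsconfig output.

```shell
#!/bin/sh
# Added example, not UnboundID code. Reads "name<TAB>value" lines on stdin
# (ASSUMED export layout, one value per line) and flags the settings this
# page associates with session ID exposure or sessions that never expire.

audit_session_manager() {
    awk -F '\t' '
        { gsub(/^[ \t]+|[ \t]+$/, "", $2) }          # trim the value
        $1 == "session-tracking-mode" {
            seen_mode = 1
            if ($2 == "url") {
                print "WARN session-tracking-mode includes url: session ID is sent as a query parameter"
                bad = 1
            }
        }
        # Zero in any unit ("0", "0s", "0 h") means sessions never expire.
        $1 == "session-idle-time-limit" && $2 ~ /^0+ *[A-Za-z]*$/ {
            print "WARN session-idle-time-limit is zero: sessions never expire"
            bad = 1
        }
        END {
            # Per this page the default value is both cookie and url.
            if (!seen_mode) {
                print "WARN session-tracking-mode not listed: default is cookie and url"
                bad = 1
            }
            exit bad + 0
        }
    '
}

# Constructed sample input (not captured from a real server).
sample_config() {
    printf 'session-tracking-mode\tcookie\n'
    printf 'session-tracking-mode\turl\n'
    printf 'session-idle-time-limit\t0 s\n'
    printf 'session-flush-interval\t60 s\n'
}

# Prints two WARN lines; the function returns non-zero when anything is flagged.
sample_config | audit_session_manager || true
```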

To update the configuration for an existing HTTP Session Manager:

dsconfig set-http-session-manager-prop
     --manager-name {name}
     (--set|--add|--remove) {propertyName}:{propertyValue}
     [(--set|--add|--remove) {propertyName}:{propertyValue}] ...

To create a new LDAP HTTP Session Manager:

dsconfig create-http-session-manager
     --manager-name {name}
     --set load-balancing-algorithm:{propertyValue}
     --set base-dn:{propertyValue}
     [--set {propertyName}:{propertyValue}] ...

To delete an existing HTTP Session Manager:

dsconfig delete-http-session-manager
     --manager-name {name}