It is possible to have multiple NAF filters connect to the same BSF server.
Depending on your load profile it may be necessary to balance NAF traffic across multiple NAFs. For example:
- If you configure a short sentinel.gaa.nonce-lifetime, then you will likely receive a similar number of requests to the BSF and NAF.
- If you configure a long sentinel.gaa.nonce-lifetime, then you may receive more requests to the NAF than the BSF.
- If you have multiple NAF groups configured in your HSS, you will need to install a separate NAF Authentication Filter for each NAF group.

This page explains how to install a second NAF Authentication Filter on a separate server.
Prerequisites
You need these files to install a second NAF Authentication Filter:
apache-tomcat-<version>.zip
You need to copy these files from your existing Sentinel Authentication Gateway installation:
$TOMCAT_HOME/webapps/rem.war
$TOMCAT_HOME/bin/setenv.sh
$TOMCAT_HOME/bin/rem-rmi.jar
$TOMCAT_HOME/rem_home
You also need to install the Java JDK on the new server.
Below are procedures to set up Tomcat, copy files from the original install, connect to the remote BSF, and restart Tomcat.
Set up Tomcat
To set up Apache Tomcat for the new Sentinel Authentication Gateway installation:
1. Unzip
       unzip ~/Downloads/apache-tomcat.zip
       cd apache-tomcat*
       export TOMCAT_HOME=`pwd`
2. Enable SSL for Apache Tomcat.
Copy files from the original install
To copy the required files:
1. Copy the file
       mv ~/Downloads/setenv.sh $TOMCAT_HOME/bin/setenv.sh
2. Copy the file
       mv ~/Downloads/rem-rmi.jar $TOMCAT_HOME/bin/rem-rmi.jar
3. Copy the file
       mv ~/Downloads/rem.war $TOMCAT_HOME/webapps/
4. Copy the
       mv ~/Downloads/rem_home $TOMCAT_HOME/
5. Edit the Filter Configuration if necessary.
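Before starting Tomcat, it helps to confirm that everything copied from the original install is in place and cannot be modified by other local accounts, since catalina.sh sources bin/setenv.sh on every start. The check below is an added example, not part of the product documentation; the function name naf_preflight and the permission policy (nothing group- or world-writable) are assumptions.

```shell
#!/bin/sh
# Added example: pre-start check for the files copied from the original install.
# The four paths are the ones listed under Prerequisites.
# Assumption: none of them should be writable by group or other.

# naf_preflight TOMCAT_HOME
# Prints one line per problem and returns the number of problems found (0 = clean).
naf_preflight() {
    home=$1
    problems=0
    for rel in webapps/rem.war bin/setenv.sh bin/rem-rmi.jar rem_home; do
        path="$home/$rel"
        if [ ! -e "$path" ]; then
            echo "MISSING   $path"
            problems=$((problems + 1))
            continue
        fi
        # Walk the path (rem_home is a directory tree) and report the first
        # entry that is group- or world-writable. Symlinks are skipped because
        # their own mode bits are not meaningful.
        hit=$(find "$path" ! -type l \( -perm -0020 -o -perm -0002 \) -print 2>/dev/null | head -n 1)
        if [ -n "$hit" ]; then
            echo "WRITABLE  $hit"
            problems=$((problems + 1))
        fi
    done
    return "$problems"
}

# Usage, once TOMCAT_HOME is exported as in "Set up Tomcat":
#   naf_preflight "$TOMCAT_HOME" && ./bin/catalina.sh start
```

A non-zero return means at least one path is missing or too permissive; fix it with chmod or re-copy the file before starting Tomcat.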
Connect to the remote BSF
1. Start Tomcat:
       cd $TOMCAT_HOME
       ./bin/catalina.sh start
2. Connect to your remote BSF server:
3. Populate the XCAP host mappings for the new NAF Authentication Filter installation:

Now you can send NAF requests to either naf.home1.net or naf2.home1.net.
Restart Tomcat
To restart Tomcat, as needed, run these commands:
    cd $TOMCAT_HOME
    ./bin/catalina.sh stop
    ./bin/catalina.sh start