This section describes considerations that must be accounted for before attempting to load balance the Hyland IdP servers. These considerations apply to each IdP server in the load-balanced environment:
- Each server in the load-balanced environment should use the same idpconfig.json file. If a single, shared file cannot be used, the idpconfig.json files must be exactly the same between servers. In a default installation, the idpconfig.json file is located on each server at C:\Program Files\Hyland\identityprovider.
- The identity running the application pool for each Hyland IdP server must have Modify access to the idpconfig.json file.
- The same keyfile directory, used for encrypting and decrypting cookies, tokens, and other values, must be accessible to all Hyland IdP servers in the load-balanced environment.
- The identity running the application pool for each Hyland IdP server must have Modify access to the keyfile location.
- The IdPConfig File Path, Key File Persistence Location, and Key Encryption Certificate Thumbprint settings must be configured in the initialization client to successfully create a load-balanced environment on the Hyland IdP server. The values of these settings must match exactly on every Hyland IdP server in the load-balanced environment. For information on configuring these settings, see Setting Up the Hyland IdP Server.
- The same signing and encryption certificates need to be installed in the Personal Store under LocalMachine on each Hyland IdP server in the load-balanced environment. The identity running the application pool for each Hyland IdP server must have Read access to the private keys of the signing and encryption certificates.
- As of 3.0.1, in load-balanced environments using SSL termination or when the Hyland IdP server is deployed behind a proxy server, you must properly configure the X-Forwarded-Host and X-Forwarded-Proto headers in the proxy server or load balancer, depending on your environment. For more information on configuring these headers, consult the Microsoft documentation.
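The file, keyfile, and certificate requirements above can be checked on each server before it joins the pool. The following PowerShell script is an added example, not part of the Hyland documentation or tooling; the keyfile directory, application pool identity, and thumbprints are placeholders, and only the idpconfig.json path comes from the default installation location stated above.

```powershell
# Added example. Every value below is a placeholder (assumption) except the
# default idpconfig.json location, which is the one given on this page.
$ConfigPath   = 'C:\Program Files\Hyland\identityprovider\idpconfig.json'
$KeyFileDir   = '\\fileserver\idp-keys'      # hypothetical keyfile directory
$PoolIdentity = 'CONTOSO\svc-hylandidp'      # hypothetical application pool identity
$Thumbprints  = @('<SIGNING_CERT_THUMBPRINT>', '<ENCRYPTION_CERT_THUMBPRINT>')

# True when an Allow rule that names the identity directly includes Modify.
# Rights granted only through group membership, and Deny rules, are not evaluated.
function Test-ModifyAccess {
    param([string]$Path, [string]$Identity)
    $modify = [System.Security.AccessControl.FileSystemRights]::Modify
    $rules = (Get-Acl -LiteralPath $Path).Access | Where-Object {
        $_.IdentityReference.Value -eq $Identity -and
        $_.AccessControlType -eq 'Allow' -and
        ($_.FileSystemRights -band $modify) -eq $modify
    }
    [bool]$rules
}

# Certificates must be in the Personal store under LocalMachine with a private key.
$certs = foreach ($tp in $Thumbprints) {
    $c = Get-ChildItem -Path Cert:\LocalMachine\My | Where-Object { $_.Thumbprint -eq $tp }
    [pscustomobject]@{
        Thumbprint    = $tp
        Installed     = [bool]$c
        HasPrivateKey = [bool]($c -and $c.HasPrivateKey)
    }
}

# One record per server; the hash shows whether the idpconfig.json copies are identical.
[pscustomobject]@{
    Server       = $env:COMPUTERNAME
    ConfigSha256 = (Get-FileHash -LiteralPath $ConfigPath -Algorithm SHA256).Hash
    ConfigModify = Test-ModifyAccess -Path $ConfigPath -Identity $PoolIdentity
    KeyFileDir   = $KeyFileDir
    KeyDirModify = Test-ModifyAccess -Path $KeyFileDir -Identity $PoolIdentity
    Certificates = $certs
} | ConvertTo-Json -Depth 3
```

Run it in an elevated session on each Hyland IdP server and compare the output: ConfigSha256, KeyFileDir, and the certificate entries should be identical across servers, and both Modify checks should be true. The script does not inspect the ACLs on the certificates' private keys, so Read access for the application pool identity still needs to be confirmed separately.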