Configuring Load Balancing for the Hyland IdP Server - Identity and Access Management Services - 3.2 - 3.2 - Other - external

Identity and Access Management Services

Platform
Other
Product
Identity and Access Management Services
Release
3.2
License

This section describes considerations that must be accounted for before attempting to load balance the Hyland IdP servers. These considerations apply to each IdP server in the load-balanced environment.

The following considerations need to be accounted for before attempting to load balance the servers:

  • Each server in the load-balanced environment should use the same idpconfig.json file. If a single, shared file cannot be used, the idpconfig.json files must be exactly the same between servers. In a default installation, the idpconfig.json file is located on each server at C:\Program Files\Hyland\identityprovider.

  • The identity running the application pool for each Hyland IdP server must have Modify access to the ipdconfig.json file.

  • The same keyfile directory, used for encrypting and decrypting cookies, tokens, and other values, must be accessible to all Hyland IdP servers in the load-balanced environment.

  • The identity running the application pool for each Hyland IdP server must have Modify access to the keyfile location.

  • The IdPConfig File Path, Key File Persistence Location, and Key Encryption Certificate Thumbprint settings are required to be configured in the initialization client to successfully create a load-balanced environment on the Hyland IdP server. The values of these settings for each Hyland IdP server in the load-balanced environment must match so that each load-balanced environment has the same exact values. For information on configuring these settings, see Setting Up the Hyland IdP Server.
  • The same signing and encryption certificates need to be installed to the Personal Store under LocalMachine on each Hyland IdP server in the load-balanced environment. The identity running the application pool for each Hyland IdP server must have Read access to the private keys of the signing and encryption certificates.

  • As of 3.0.1, in load-balanced environments using SSL termination or when the Hyland IdP server is deployed behind a proxy server, you must properly configure the X-Forwarded-Host and X-Forwarded-Proto headers in the proxy server or load balancer, depending on your environment. For more information on configuring these headers, consult the Microsoft documentation.