3.1.1 Managing an Identity Server

The Identity Servers page is the starting point for managing Identity Servers. You can use this page to stop and start servers, and to assign servers to Identity Server clusters. Identity Server cannot operate until you assign it to an Identity Server cluster.

  1. Click Devices > Identity Servers.

  2. Under the Servers tab, the following options are available:

    Start: Starts the selected server. See Restarting Identity Server.

    Stop: Stops the selected server. See Restarting Identity Server.

    Refresh: Refreshes the server list.

    Actions: Enables you to perform the following task:

    This page also displays links in the following columns:

    Name: Lists Identity Server and cluster configuration names.

    Status: Lists the status of each configuration.

      • Current: Indicates that the server is using the latest configuration data. If you change a configuration, the system displays an Update or Update All link.

      • Update: A link to update an Identity Server’s configuration data without stopping the server.

      • Update All: A link displayed for cluster configurations. This lets you update all Identity Servers in a cluster to use the latest configuration data, with options to include logging and policy settings.

      For more information, see Updating Identity Server Configuration.

    Health: Lists the health of each configuration and each server.

    Alerts: Displays the Alerts page, where you can monitor and acknowledge server alerts.

    Commands: Displays the Command Status page.

    Statistics: Displays the Server Statistics page and allows you to view the server statistics. See Monitoring Identity Server Statistics.

    Configuration: Lists Identity Server configuration to which this server belongs.

Starting and Stopping an Identity Server Through Commands

Start: Run one of the following commands:

  • /etc/init.d/novell-idp start

  • rcnovell-idp start

Stop: Run one of the following commands:

  • /etc/init.d/novell-idp stop

  • rcnovell-idp stop

Updating Identity Server Configuration

Whenever you change the configuration of Identity Server, the system prompts you to update the configuration. An Update Servers status is displayed under the Status column on the Servers page. You must click Update Servers to update the configuration so that your changes take effect.

When you click this link, it sends a reconfigure command to all servers that use the configuration. The servers then begin the reconfiguration process. This process occurs without interruption of service to users who are currently logged in.

When you update a configuration, the system blocks inbound requests until the update is complete. The server checks for any current requests being processed. If there are such requests in process, the server waits five seconds and tests again. This process is repeated three times, waiting up to fifteen seconds for these requests to be serviced and cleared out. After this period of time, the update process begins. Any remaining requests might have errors.
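The wait described above can be modeled to see which in-flight requests outlast it. This is an added example, not Access Manager code; the function name and the request labels and durations are constructed for illustration.

```python
WAIT_SECONDS = 5   # pause between checks, as described above
MAX_WAITS = 3      # at most three pauses, fifteen seconds in total

def simulate_drain(remaining):
    """Model the wait before a configuration update begins.

    remaining maps a request label to the seconds it still needs
    (constructed input). Returns (seconds_waited, at_risk), where at_risk
    lists the requests still in flight when the update begins; those are
    the ones that might end in errors.
    """
    elapsed = 0
    for _ in range(MAX_WAITS):
        if not any(need > elapsed for need in remaining.values()):
            break                  # nothing in flight: stop waiting early
        elapsed += WAIT_SECONDS
    at_risk = sorted(label for label, need in remaining.items() if need > elapsed)
    return elapsed, at_risk

if __name__ == "__main__":
    # Constructed in-flight requests: label -> seconds still needed.
    print(simulate_drain({"login": 3, "saml-post": 12, "slow-ldap-bind": 40}))
    print(simulate_drain({"login": 3}))
```

A request that needs longer than the full fifteen seconds is still in flight when the update begins, which is a reason to apply updates when no long-running requests are expected.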

During the update process, all settings are reloaded with the exception of the base URL. In most cases, user authentications are preserved; however, there are conditions during which some sessions are automatically timed out. The following are the conditions:

  • A user logged in via an authentication contract that is no longer valid. This occurs if an administrator removes a contract or changes the URI that is used to identify it.

  • A user logged in to a user store that is no longer valid. This occurs if you remove a user store or change its type. Changing the LDAP address to a different directory is not recommended, because the system does not detect the change.

  • A user received authentication from an identity provider that is no longer trusted. This occurs if you remove a trusted identity provider or if the metadata for the provider changed.

Additionally, if you remove a service provider from an identity provider, the identity provider removes the provided authentication to that service provider. This does not cause a timeout of the session.
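The three timeout conditions above can be checked against a planned change before you click Update. This is an added example, not Access Manager code: the data model, names, URIs, addresses and digests are all constructed. It also flags the LDAP address case, which the system does not detect.

```python
from collections import namedtuple

# Hypothetical model for illustration; not Access Manager data structures.
UserStore = namedtuple("UserStore", "store_type ldap_address")
# contract_uris: set of contract URIs; user_stores: name -> UserStore;
# trusted_idps: provider name -> metadata digest (constructed values).
Config = namedtuple("Config", "contract_uris user_stores trusted_idps")
# idp is set only when a trusted identity provider authenticated the user.
Session = namedtuple("Session", "user contract_uri user_store idp", defaults=(None,))

def assess(session, old, new):
    """Return (outcome, reasons) for one session across a configuration update."""
    reasons = []
    if session.contract_uri not in new.contract_uris:
        reasons.append("contract removed or its URI changed")
    before = old.user_stores.get(session.user_store)
    after = new.user_stores.get(session.user_store)
    if before is None or after is None or before.store_type != after.store_type:
        reasons.append("user store removed or its type changed")
    if session.idp and old.trusted_idps.get(session.idp) != new.trusted_idps.get(session.idp):
        reasons.append("identity provider removed or its metadata changed")
    if reasons:
        return "timed_out", reasons
    if before.ldap_address != after.ldap_address:
        # Not a timeout condition: the system does not detect this change.
        return "preserved_unchecked", ["LDAP address changed without detection"]
    return "preserved", []

# Constructed sample configurations and sessions.
OLD = Config({"urn:example:contract:pw", "urn:example:contract:otp"},
             {"corp": UserStore("eDirectory", "ldaps://10.0.0.5")},
             {"partner-idp": "digest-A"})
NEW = Config({"urn:example:contract:pw"},
             {"corp": UserStore("eDirectory", "ldaps://10.0.0.9")},
             {"partner-idp": "digest-B"})
SESSIONS = [Session("alice", "urn:example:contract:pw", "corp"),
            Session("bob", "urn:example:contract:otp", "corp"),
            Session("carol", "urn:example:contract:pw", "corp", idp="partner-idp")]

def report(sessions=SESSIONS, old=OLD, new=NEW):
    """Map each user to the assessed outcome of their session."""
    return {s.user: assess(s, old, new) for s in sessions}

if __name__ == "__main__":
    for user, result in report().items():
        print(user, result)
```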

Changes to the SAML and Liberty protocol profiles can leave a trusted provider with outdated metadata for the Identity Server being reconfigured. The metadata must then be updated at the other provider, and unexpected behavior might occur until that is done.

  1. Click Devices > Identity Servers.

  2. Click Update or Update All.

    These options are available only when you have made changes that require a server update.

Restarting Identity Server

Starting and stopping an Identity Server terminates active user sessions. These users receive a prompt to log in again unless you have configured session failover (see Configuring Session Failover).

  1. Click Devices > Identity Servers, then select Identity Server to stop.

  2. Click Stop.

  3. Wait for the Command Status to change from Pending to Complete.

  4. Select Identity Server, and click Start.

  5. When the Command Status changes to Complete, click Refresh.

    The status icon of Identity Server must turn green.