Table of Contents |
---|
...
- Open the Internet Information Services (ISS) Manager
- Create a self-signed certificate
- Add a website
- Add a server farm
- Verify the Routing rule and URL Rewrite Rule
- Configure the Server Affinity
- Configure the Proxy settings
- Configure the load balancer
- Open the Internet Information Services (ISS) Manager:
- Windows button → Type and click Server Manager.
- Under the Servers field, highlight the IIS on the left.
- Right click the Proxy Server name.
- Select Internet Information Services (IIS) Manager.
- Windows button → Type and click Server Manager.
- Create a self-signed certificate:
- Go to IIS Manager
- Under the Connections field, left-click the server name
- Double-click the Server Certificates icon.
Info HTTPS connections require a web certificate. Either self-signed or trusted certificate can be used. In this example, a self-signed certificate is used.
You can also use for testing the self-signed certificate created during SSO installation process by importing
C:\Program Files\Ubisecure\ubilogin-sso\ubilogin\custom\tomcat\keystore.pfx
. This certificate has as alternative subjects both SSO and Accounting Service host names. - Click the Self-Signed Certificate under the Actions field.
- Assign a name for the certificate.
- Use value Personal for the certificate store.
Under the Connections field, right-click the Sites → Select Add Website...
In the Add Website dialog, define the following parameters:
Site name:
<your site name>
Physical Path:
C:\inetpub\wwwroot
Type:
https
Host name:
<uas.url from win32.config>
SSL certificate:
<certificate created before>
- Click the OK button.
- Under the Connections field, right-click the Server Farm.
- Select Create Server Farm...
Assign a name for the server farm
Click the Next button
Add the SSO servers to the server farm.
Define the Server address (host name or IP address).
Under the advanced settings, verify that you have the correct HTTP and HTTPS port numbers. In this example, the default HTTP port 80 is changed to 8080 (from
proxy.local.url
inwin32.config
).Click the Finish button.
Click Yes to create a URL rewrite rule to automatically route all incoming requests to your server farm.
- Under the Connections field, select your Server Farm name
- Double-click the Routing Rules icon.
- Verify that the Use URL Rewrite to inspect incoming requests checkbox is enabled.
Under the Actions field, click the URL Rewrite... link.
The URL Rewrite name has to use the syntax:
ARR_< Server Farm Name >_loadbalance
.Note If you rename the rule it will break the link between ARR (Application Request Routing) and URL Rewrite rule.
To open the rule: Right-click the rule name → Select Inbound Rules → Select Edit...
Verify the following values:
Action type:
Route to Server Farm
Scheme:
http://
Server Farm:
<Your Server Farm Name>
Path:
/{R:0}
Click the Conditions drop-down list → Click the Add... button and specify the following values:
Input:
{HTTP_HOST}
Check if input string:
Matches the Pattern
Pattern:
<uas.url from win32.config>
Under the Connections field, select your Server Farm name → Double-click the Server Affinity icon.
Check the Client affinity checkbox.
Under the Actions field, click the Apply.
Info "Sticky Sessions and client affinity are ways of maintaining a persistent connection to a specific webfarm node until the client session ends. When a client connects to a website, the load balancer starts a session on a specific node: as long as the client is connected, all requests are sent back to that node."
Under the Connections field, Select your Server Farm name → Double-click the Proxy icon.
Check the Reverse rewrite host in response header checkbox and uncheck the Include TCP port from client IP checkbox.
- Under the Actions field, click Apply.
Under the Connections field, select your Server Farm name → Double-click the Load Balance icon.
Under the Load Balance field, configure the parameters:
Load balance algorithm:
Weighted round robin
Load distribution:
Custom distribution
Relative Weight of SSO Server 1:
1000000000
Relative Weight of SSO Server 2:
1
Click Apply under Actions.
Info For High-Performance setup, only proxy related setting is "Load Balance". In High-Performance setup, requests are distributed equally.
For High-Performance setup, SSO has to be setup for REDIS in-memory database for session management.
...