An authoritative server is the cluster member that holds the authentication information for a given user session. For a request associated with a given session to be processed, it must be routed (“proxied”) to the authoritative cluster member. If an L4 switch causes a request to go to a non-authoritative cluster member, that cluster member proxies the request to the authoritative cluster member.
When a request is received, a cluster member uses multiple means to determine which cluster member is the authoritative server for the request. It looks for a parameter on the query string of the URL indicating the authoritative server. It looks for an HTTP cookie indicating the authoritative server. If these do not exist, the cluster member examines the payload of the HTTP request to determine the authoritative server. A payload examination results either in immediate identification of the authoritative server or in a user session ID or user identity ID that can be used to locate the authoritative server.
If a user session ID or user identity ID is found, the ID is broadcast to all cluster members asking which member is the authoritative server for the given ID. The authoritative server receives the broadcast message, determines that it indeed holds the given session or user, and responds accordingly.
The higher the number of proxied requests, the lower the performance of the entire system. Furthermore, the higher the number of payload examinations and ID broadcasts, the lower the performance of the entire system. If these numbers are high, verify the configuration of the L4 switch. Ensure that the session persistence option is enabled, which allows clients to be directed to the same Identity Server after they have established a session.
| Statistic | Description |
|---|---|
| Currently Active Proxied Requests | The number of currently active proxied HTTP requests. |
| Total Proxied Requests | The total number of proxied requests that have been processed after Identity Server was started. A request becomes a proxied request when the request is sent first to a non-authoritative machine. |
| Total Non-Proxied Requests | The total number of non-proxied requests that have been processed after Identity Server was started. A request becomes a non-proxied request when the request is sent first to the authoritative machine. |
| Authoritative Server Obtained from URL Parameter | The total number of authoritative servers identified by using the parameter from the URL query string after Identity Server was started. |
| Authoritative Server Obtained from Cookie | The total number of authoritative servers identified by using the HTTP cookie after Identity Server was started. |
| Payload Examinations | The total number of attempted payload examinations to identify the authoritative server after Identity Server was started. |
| Successful Payload Examinations | The total number of successful payload examinations to identify the authoritative server after Identity Server was started. |
| Identity ID Broadcasts | The total number of attempted Identity ID Broadcasts to identify the authoritative server after Identity Server was started. |
| Successful Identity ID Broadcasts | The total number of successful Identity ID Broadcasts to identify the authoritative server after Identity Server was started. |
| Session ID Broadcasts | The total number of attempted Session ID Broadcasts to identify the authoritative server. |
| Successful Session ID Broadcasts | The total number of successful Session ID Broadcasts to identify the authoritative server after Identity Server was started. |
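
Because most of these counters accumulate from Identity Server startup, a recent loss of session persistence on the L4 switch can hide inside the lifetime totals. The following added example (not part of the product or its documentation) compares two snapshots of the counters and reports the proxied share and fallback-lookup rates for the interval between them. The snapshot values are constructed, the thresholds are assumptions to tune per deployment, and the counters are assumed to be copied from the statistics page by hand.

```python
# Added example: keys are the statistic labels from the table above;
# snapshot values and thresholds are constructed assumptions.
PROXIED, DIRECT = "Total Proxied Requests", "Total Non-Proxied Requests"
LOOKUPS = ("Payload Examinations", "Identity ID Broadcasts", "Session ID Broadcasts")
COUNTERS = (PROXIED, DIRECT) + LOOKUPS + tuple("Successful " + n for n in LOOKUPS)

# Constructed snapshots taken some time apart on the same cluster member.
PREV = dict(zip(COUNTERS, (1000, 9000, 100, 10, 20, 100, 10, 20)))
CURR = dict(zip(COUNTERS, (1400, 9600, 220, 10, 90, 210, 10, 90)))

def ratio(num, den):
    """Return num/den, or 0.0 when the interval saw no such events."""
    return num / den if den else 0.0

def evaluate(prev, curr, max_proxied=0.10, max_lookup=0.05, min_success=0.95):
    """Return findings for the interval between two counter snapshots."""
    d = {k: curr[k] - prev.get(k, 0) for k in COUNTERS}
    if any(v < 0 for v in d.values()):
        # Counters restart with Identity Server; treat curr as the interval.
        d = {k: curr[k] for k in COUNTERS}
    total = d[PROXIED] + d[DIRECT]
    findings = []
    share = ratio(d[PROXIED], total)
    if share > max_proxied:
        findings.append(f"proxied share {share:.0%}: check L4 switch session persistence")
    for name in LOOKUPS:
        rate = ratio(d[name], total)
        if rate > max_lookup:
            findings.append(f"{name} on {rate:.0%} of requests")
        success = ratio(d["Successful " + name], d[name])
        if d[name] and success < min_success:
            findings.append(f"{name} success rate {success:.0%}")
    return findings

if __name__ == "__main__":
    # Lifetime proxied share in CURR is about 13%; the interval share is 40%.
    for line in evaluate(PREV, CURR):
        print(line)
```
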