Identity Gateway 2024.3

Migrate from web container mode to standalone mode

An IG .war file isn’t created or delivered from IG 2024.3. Consider these points when migrating from a .war delivery to a .zip delivery.

Session replication between IG instances

High-availability of sessions isn’t supported by IG in the .zip delivery.

Streaming asynchronous responses and events

In ClientHandler and ReverseProxyHandler, use only the default mode of asyncBehavior:non_streaming; responses are processed when the entity content is entirely available.

If the property is set to streaming, the setting is ignored.

Connection reuse when client certificates are used for authentication

In ClientHandler and ReverseProxyHandler, use only the default mode of stateTrackingEnabled:true; when a client certificate is used for authentication, connections can’t be reused.

If the property is set to false, the setting is ignored.

Replacement settings for migration from web container mode with Tomcat

Feature Setting for web container mode with Tomcat Replacement setting

Port number

Configure in the Connector element of /path/to/tomcat/conf/server.xml:

<Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443" />

Configure the connectors property of admin.json.

HTTPS server-side configuration

Create a keystore, and set up the SSL port in the Connector element of /path/to/tomcat/conf/server.xml.

Create a keystore, set up secrets, and configure secrets stores, ports, and ServerTlsOptions in admin.json.

For information, refer to Configure IG for HTTPS (server-side).

Session cookie name

Configure WEB-INF/web.xml when you unpack the IG .war file.

Configure the session property of admin.json.

Access logs

Configure with AccessLogValve.

Configure in the Audit framework.

For information, refer to Audit the deployment and Audit framework.

JDBC datasource

Configure in the GlobalNamingResources element of /path/to/tomcat/conf/server.xml.

Configure with the JdbcDataSource object.

For information, refer to JdbcDataSource.

For an example, refer to Password replay from a database.

Environment variables

Configure in /path/to/tomcat/bin/setenv.sh.

Configure in $HOME/.openig/bin/env.sh, where $HOME/.openig is the instance directory.

Jar files

Add to to web container classpath; for example /path/to/tomcat/webapps/ROOT/WEB-INF/lib.

Add to $HOME/.openig/extra, where $HOME/.openig is the instance directory.