Configuring multiple Authorize gateway instances
To achieve high-availability and scalability, you can configure multiple Authorize gateway instances and deploy their Docker containers across multiple servers.
When multiple gateway instances are connected to an Authorize gateway, PingOne maintains a list of the active connections for each gateway. If a gateway instance isn’t available, it’s excluded from the list of active gateway instances.
Managing credentials
You can set up an Authorize gateway with one gateway credential and have multiple gateway instances share this same credential. If necessary, you can revoke the credential from the Authorize gateway to stop all gateway traffic. Revoking the credential breaks the connection to PingOne, but doesn’t stop gateway instances or decision request evaluation.
When there’s no connection to PingOne, gateway instances keep running with the last successful gateway configuration. However, new authorization policy versions aren’t deployed to any gateway instances that rely on a revoked credential.
|
Use a different credential for each gateway instance. This allows you to revoke access to individual gateway instances. |
Gateway instances log connection failures with PingOne. Learn more in Logging for Authorize gateway instances.
Ensuring version compatibility
Authorization policy versions sometimes contain features that aren’t compatible with older gateway instances. To ensure all policy features are supported, every authorization policy version specifies a minimum required gateway instance version. To successfully publish an authorization policy version to a gateway, all of the gateway’s associated gateway instances must meet or exceed this minimum version.
Before you publish a new authorization policy version to a gateway, upgrade each gateway instance to meet or exceed the minimum required gateway instance version.