Skip to main content
commvault.com commvault.com
Question

Webconsole, Okta, and LiveSync Failover

  • November 11, 2024
  • 2 replies
  • 29 views
B
Byte
Forum|alt.badge.img+3

Hello!

I have a question about failing-over and using Okta to SSO into the webconsole.

Current situation:

Software Version: 11.32.69

We use Okta to SSO into Command Center and Java GUI.  When we log into Commvault, it redirects to our Okta side, performs authentication, and redirects to the Active server’s webconsole link.  (Our webconsole is hosted on the Commserve Server).  

Failover situation:

When we failover, the Passive server’s webconsole actually comes up and works.  I am able to see the login screen.  I am able to enter my credentials, and it redirects to the Okta side.  After it performs the authentication, instead of it redirecting to the passive server webconsole, it attempts to open the active server’s webconsole.  Since it can’t open that, the login fails.

 

Is there a way for it to redirect to the passive server webconsole instead of the active server’s webconsole?  Or is this more of a configuration that needs to be done on the Okta side?

 

Thanks!

 

2 replies

sbhatia
Vaulter
Forum|alt.badge.img+3
  • sbhatiaVaulter
  • Vaulter
  • 17 replies
  • November 13, 2024

Hi Brent, 

To address the issue with the redirection to the passive server's web console during a failover, you should verify and potentially update the URL settings within both the Okta application and the Commvault settings. You would need a reply url configured that can respond to the DR server when it's active.

1. Check the Okta application configuration to ensure that the URLs for both the active and passive servers are correctly specified.

Additionally, you can try:
2. In Commvault, ensure that the web console URL is correctly configured to point to the passive server during a failover. This might involve adjusting settings in the Command Center to reflect the correct failover URL. Refer the additional setting : https://documentation.commvault.com/additionalsetting/details?name=WebConsoleURL

let me know if this works!

B
Byte
Forum|alt.badge.img+3
  • Brent Atwood
  • Author
  • Byte
  • 7 replies
  • November 14, 2024

Hi ​@sbhatia,

I performed a failover after adding that additional setting.  However, it still tried to redirect back to the original server’s webconsole.  

I talked with a member of our Infosec team, and he believes it does this because of the way Okta is setup.  We are looking at creating a VIP address.  Then using that VIP address as a way to redirect to correct server’s webconsole.

Is using VIP addresses common when setting up a Failover environment?

Thanks!

Reply


Most helpful members this week

Terms & ConditionsCookie settings

Cookie policy

We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

 
Cookie settings