Skip to content
CA Identity Portal - 12.6.8
Documentation powered by DocOps

Installing Identity Portal in a Cluster

Last update November 5, 2015

You can deploy CA Identity Portal in a cluster. A CA Identity Portal cluster is a collection of two or more application server nodes running the CA Identity Portal application and sharing a common CA Identity Portal store (database).

Deploy a CA Identity Portal Cluster

To deploy CA Identity Portal in a cluster on JBoss, Tomcat or WebSphere, follow the installation steps outlined in Installing CA Identity Suite. Repeat the procedure outlined for your application server on each standalone server in the cluster.

Deploy a CA Identity Portal Cluster to WebLogic

CA Identity Portal uses the native WebLogic Cluster.
On WebLogic, the CA Identity Portal installer deploys CA Identity Portal to the WebLogic Admin server. The Admin server in turn deploys CA Identity Portal to the various WebLogic cluster managed servers.

Copy the CA Identity Portal Keystore File from the 1st Node to All the Other Server Nodes


  • This procedure needs to be followed for all application server types (Tomcat, JBoss, WebLogic, WebSphere).
  • This procedure should be performed immediately after the installation of CA Identity Portal is completed and before any configuration is done in the CA Identity Portal Admin Interface.

CA Identity Portal uses a symmetric encryption key to encrypt sensitive values in the configuration store. The encryption key is generated by the CA Identity Portal installer. All nodes in the CA Identity Portal cluster must use the same key.

  1. Locate the sigma keystore file "sigma.keystore" on the first node on which you installed sigma. This is usually located under: "<CA Identity Portal_HOME>\CA Identity Portal\sigma-keystore-tool\sigma.keystore".
  2. Copy that file to all the other nodes, overwriting the files on those nodes (in that same location).
  3. Restart the nodes.

Load Balancing a CA Identity Portal Cluster

NLB VIP Characteristics for a CA Identity Portal cluster are as follows:

  • Relay: CA Identity Portal Application server HTTP/S port (for example TCP/8080).
  • Load Balancing Scheme: IP-stickiness (either based on source ip or jsession cookie).
  • Health Monitor:
    • Basic HTTP monitor sampling on the CA Identity Portal application server HTTP port (for example 8080 on JBoss).
    • Sampled URL should be: /sigma/rest/available
      Valid response should include the following string:

      available: true
Was this helpful?

Please log in to post comments.