Hi APIM team, According to the docs; We are not recommending the thrift protocol to communicate with GW and KM when even TCP load balancer is used.
The problem is that; thrift connection must be authenticated & thrift session is not replicated among key manager nodes. IMO; we have three solution for this. 1. Replicate thrift session in KM nodes 2. Client side load balancing 3. Sending authentication credentials from GW to KM in every request. This has been implemented in WSO2IS for XACML PDP. You can find the details [1] & sample thrift client [2] We can easily implement approach 3, Shall we consider this for next APIM release ? [1] http://xacmlinfo.org/2014/04/11/thrift-load-balancing/ [2] https://svn.wso2.org/repos/wso2/people/asela/xacml/pep/thrift-LB Thanks, Asela. -- Thanks & Regards, Asela ATL Mobile : +94 777 625 933 +358 449 228 979 http://soasecurity.org/ http://xacmlinfo.org/
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
