Hi Experts,
with Secure Login Server you have two choices for how to deploy the client policy. One is to use "dynamic" policy download by only distributing the PolicyURL to the Secure Login Client, where the client can then download the latest Secure Login Client profiles (ProfileDownloadPolicy). Another way is to use the "static" policy contained in the ProfileGroup registry file you can download from the SLS.
To achieve high availability/failover we recommend that our customers use at least two Secure Login Servers. Given the fact that I now have two Secure Login Servers, in the Client Authentication Profile -> Secure Login Client Settings I have to add two enrollURLs. I would assume on each SLS there is a different GUID or Policy ID generated, right? This is the failover configuration for the Secure Login Client. If the first Enroll URL cannot be established, the Secure Login Client tries the next Enroll URL defined.
Example: One enrollURL0 (primary SLS) and enrollURL1 (second SLS).
While adding an enrollURL I am only able to set Protocol, Hostname, Port and Version of the Secure Login Client. Where can I define the ID of the Profile?
One first needs to set up the second SLS, get the Profile ID and add this to the policy configuration on the primary server, but there is no way to do so.
Example in the ProfileGroup_<ProfileGroupName>.reg (or after downloading the Policy from the primary server - will be contained):
"enrollURL0"="https://<server1>:<port>/SecureLoginServer/slc2/doLogin?profile=a584209c-5de8-4bf7-85da-58d1cf3b1072"
"enrollURL1"="https://<server2>:<port>/SecureLoginServer/slc2/doLogin?profile=a584209c-5de8-4bf7-85da-58d1cf3b1072"
Now I have to change the Profile ID (GUID) of the enrollURL1 manually to match the correct Profile ID of the second Secure Login Server.
My question is, have I missed something or is a failover configuration only possible by manually modifying the registry file downloaded from the SLS and replacing the GUID with the right value?
Please let me know.
Regards,
Carsten