SAML SSO in HA-Cluster
To keep the non-primary SSO settings with the matched certificate, import all HA non-primary nodes’ SSO IdP certificates into the HA primary node before the real-time synchronization or HA failover.
Primary and secondary nodes with different SSO methods
SAML SSO in HA-Cluster is only supported locally. When the HA primary and secondary nodes have different SSO methods:
-
Before you enable HA primary, synchronize the real-time settings for Administrators, Admin Profiles, Device Groups, LDAP/RADIUS Servers and Certificate.
-
Ensure all SSO certificates on all HA nodes are imported on the HA primary node. This is because the SSO settings on secondary nodes are not overridden by the primary node. Only the certificates will be replaced.
-
When HA failover is triggered, the SSO setting will not be synchronized. However, the certificates will be overridden.