Queue server

Sending events to the queue server

The following events can be sent to the queue server:

  • user registration (USER_REGISTERED);

  • password changed (USER_PASSWORD_SET);

  • marker of session cancellations changed (USER_CRID_CHANGED);

  • user attribute changes (USER_ATTRIBUTE_CHANGED);

  • clearing user attributes (USER_ATTRIBUTE_REMOVED);

  • user removed (USER_REMOVED);

  • external user account bound (FEDERATION_POINT_BOUND);

  • external user account detached (FEDERATION_POINT_UNBOUND);

  • revocation of the authorization (scopes) issued to the application (SCOPES_REVOKED);

  • group created (GROUP_CREATED);

  • attributes of group updated (GROUP_UPDATED);

  • group removed (GROUP_REMOVED);

  • group member added (GROUP_MEMBER_ADDED);

  • group member removed (GROUP_MEMBER_REMOVED).

To send events to the queue, create a blitz.prod.local.idp.events block with the following content (the example covers user registration and password change):

"events" : {
    "drivers" : {
        "rabbit_driver" : {
            "properties" : {},
            "server" : {
                "host" : "<RMQ_HOST>",
                "port" : 5672
            },
            "type" : "RMQ",
            "user" : {
                "password" : "<RMQ_PASS>",
                "username" : "<RMQ_USERNAME>"
            }
        }
    },
    "routes" : {
        "USER_PASSWORD_SET" : [
            "password_sync"
        ],
        "USER_REGISTERED" : [
            "registration"
        ]
    },
    "targets" : [
        {
            "discardList" : "PSWD_SYNC_DISCARD",
            "driver" : {
                "ext" : {
                    "exchange_name" : "users",
                    "routing_key" : "pwd_sync"
                },
                "id" : "rabbit_driver"
            },
            "encCertificate" : "rmqkey",
            "name" : "password_sync",
            "redelivery" : 3
        },
        {
            "discardList" : "REG_DISCARD",
            "driver" : {
                "ext" : {
                    "exchange_name" : "users",
                    "routing_key" : "registration"
                },
                "id" : "rabbit_driver"
            },
            "encCertificate" : "rmqkey",
            "name" : "registration",
            "redelivery" : 3
        }
    ]
}

The following settings should be configured:

  • RMQ_HOST - RabbitMQ queue server domain;

  • RMQ_USERNAME - user name for the queue server;

  • RMQ_PASS - password for the queue server.

In addition, to encrypt passwords sent to the queue (only for USER_REGISTERED and USER_PASSWORD_SET messages), the encCertificate parameter should specify the alias of the electronic signature key (in the standard BlitzIdPKeystore.jks key store) with which to encrypt passwords in messages.

Queue server as message broker

Blitz Identity Provider uses a built-in message broker to handle asynchronous tasks, using a database to track tasks.

If the request load on Blitz Identity Provider is high, it may be appropriate to use the RabbitMQ queue server as the message broker. To do this, make the following settings in the RabbitMQ console (usually http://hostname:15672/):

  • create a queue with the name blitz-tasks (in the “Queues” menu of the console);

  • create an exchange named blitz-tasks-exh (in the “Exchanges” menu of the console) and configure a binding to the blitz-tasks queue with the routing_key blitz-tasks;

  • create the blitz user (in the “Admin” menu of the console) and assign rights to the created queue to it.

After configuring RabbitMQ, adjust the settings in blitz.conf - in the blitz.prod.local.idp.tasks block set broker-type to rmq and set the connection settings to RabbitMQ in the broker-rmq block:

  • set the name blitz-tasks-exh in the exchange parameter;

  • set the queue parameter in the executionRules block and the name parameter in the queues block to blitz-tasks;

  • set the user name (blitz) in the username parameter in the user block;

  • set the user’s password in the password parameter in the user block - the password will be encrypted after Blitz Identity Provider is launched;

  • specify the address and port of the connection to RabbitMQ in the host and port parameters of the server block;

  • if necessary, adjust other parameters defining the size of the connection pool (poolSize), the number of channels (channelSize), the waiting time for a response from the queue server (ackTimeout);

  • if necessary, adjust the task processing broker settings that determine the number of attempts (maxAttempts) to re-process tasks in case of an error, the time between attempts (redeliveryDelayInSec), the size of the processed message batch (dequeueBatchSize), the queue check period (dequeuePeriodInSec) and the number of handlers (executorPoolSize).

A configuration example is shown below:

"tasks" : {
    "broker-type" : "rmq",
    "broker-rmq" : {
        "consumer" : {
            "poolSize" : 2
        },
        "exchange" : "blitz-tasks-exh",
        "publisher" : {
            "ackTimeout" : 15,
            "channelsSize" : 8,
            "poolSize" : 2
        },
        "server" : {
            "host" : "RMQ_HOST",
            "port" : 5672
        },
        "user" : {
            "password" : "CHANGE_ME",
            "username" : "blitz"
        }
    },
    "executionRules" : [
        {
            "maxAttempts" : 2,
            "queue" : "blitz-tasks",
            "redeliveryDelayInSec" : 60
        }
    ],
    "queues" : [
        {
            "dequeueBatchSize" : 10,
            "dequeuePeriodInSec" : 30,
            "executorPoolSize" : 5,
            "name" : "blitz-tasks"
        }
    ]
}
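The RabbitMQ setup steps above (queue, exchange, binding, blitz user) can be captured as a definitions file for the console's "Import definitions" function, and the blitz.conf tasks block can then be checked against it so that a mistyped exchange or queue name is caught before the broker silently drops tasks. This is an added example, not Blitz Identity Provider or RabbitMQ code; a direct exchange and permission regexes scoped to the two task objects are assumptions, and the password-hash format is the one RabbitMQ documents for rabbit_password_hashing_sha256.

```python
import base64
import hashlib
import os

QUEUE, EXCHANGE, USER = "blitz-tasks", "blitz-tasks-exh", "blitz"
# Assumption: the blitz user only needs the task queue and its exchange, so the
# permission regexes are scoped to them instead of the RabbitMQ default ".*".
SCOPE = r"^blitz-tasks(-exh)?$"


def rabbit_sha256_hash(password, salt=None):
    """rabbit_password_hashing_sha256: base64(salt || SHA-256(salt || password))."""
    salt = os.urandom(4) if salt is None else salt
    return base64.b64encode(salt + hashlib.sha256(salt + password.encode()).digest()).decode()


def build_definitions(password, vhost="/"):
    """Definitions JSON for the topology described in the text (direct exchange assumed)."""
    return {
        "users": [{"name": USER, "password_hash": rabbit_sha256_hash(password),
                   "hashing_algorithm": "rabbit_password_hashing_sha256", "tags": ""}],
        "vhosts": [{"name": vhost}],
        "permissions": [{"user": USER, "vhost": vhost,
                         "configure": SCOPE, "write": SCOPE, "read": SCOPE}],
        "queues": [{"name": QUEUE, "vhost": vhost, "durable": True,
                    "auto_delete": False, "arguments": {}}],
        "exchanges": [{"name": EXCHANGE, "vhost": vhost, "type": "direct", "durable": True,
                       "auto_delete": False, "internal": False, "arguments": {}}],
        "bindings": [{"source": EXCHANGE, "vhost": vhost, "destination": QUEUE,
                      "destination_type": "queue", "routing_key": QUEUE, "arguments": {}}],
    }


def check_tasks_block(tasks, definitions):
    """Return the mismatches between a blitz.conf 'tasks' block and the broker definitions."""
    problems = []
    exchanges = {e["name"] for e in definitions["exchanges"]}
    queues = {q["name"] for q in definitions["queues"]}
    routed = {b["routing_key"] for b in definitions["bindings"]}
    if tasks.get("broker-type") != "rmq":
        problems.append("broker-type is not rmq")
    exch = tasks.get("broker-rmq", {}).get("exchange")
    if exch not in exchanges:
        problems.append("exchange %r does not exist on the broker" % exch)
    rule_queues = [r["queue"] for r in tasks.get("executionRules", [])]
    for name in rule_queues + [q["name"] for q in tasks.get("queues", [])]:
        if name not in queues:
            problems.append("queue %r does not exist on the broker" % name)
        if name not in routed:
            problems.append("no binding routes key %r to a queue" % name)
    return problems
```

Run check_tasks_block over the parsed tasks block of blitz.conf after every edit; an empty list means every name the IdP will use exists on the broker and is routed to a queue.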