Queue server

Sending events to queue server

The following events can be sent to the queue server:

  • user registration (USER_REGISTERED);

  • password changed (USER_PASSWORD_SET);

  • marker of session cancellations changed (USER_CRID_CHANGED);

  • user attribute changes (USER_ATTRIBUTE_CHANGED);

  • clearing user attributes (USER_ATTRIBUTE_REMOVED);

  • user removed (USER_REMOVED);

  • external user account bound (FEDERATION_POINT_BOUND);

  • external user account detached (FEDERATION_POINT_UNBOUND);

  • revocation of the authorization (scopes) issued to the application (SCOPES_REVOKED);

  • group created (GROUP_CREATED);

  • attributes of group updated (GROUP_UPDATED);

  • group removed (GROUP_REMOVED);

  • group member added (GROUP_MEMBER_ADDED);

  • group member removed (GROUP_MEMBER_REMOVED).

To send events to the queue, create a blitz.prod.local.idp.events block with the following contents (this example covers user registration and password change):

"events" : {
    "drivers" : {
        "rabbit_driver" : {
            "properties" : {},
            "server" : {
                "host" : "<RMQ_HOST>",
                "port" : 5672
            },
            "type" : "RMQ",
            "user" : {
                "password" : "<RMQ_PASS>",
                "username" : "<RMQ_USERNAME>"
            }
        }
    },
    "routes" : {
        "USER_PASSWORD_SET" : [
            "password_sync"
        ],
        "USER_REGISTERED" : [
            "registration"
        ]
    },
    "targets" : [
        {
            "discardList" : "PSWD_SYNC_DISCARD",
            "driver" : {
                "ext" : {
                    "exchange_name" : "users",
                    "routing_key" : "pwd_sync"
                },
                "id" : "rabbit_driver"
            },
            "encCertificate" : "rmqkey",
            "name" : "password_sync",
            "redelivery" : 3
        },
        {
            "discardList" : "REG_DISCARD",
            "driver" : {
                "ext" : {
                    "exchange_name" : "users",
                    "routing_key" : "registration"
                },
                "id" : "rabbit_driver"
            },
            "encCertificate" : "rmqkey",
            "name" : "registration",
            "redelivery" : 3
        }
    ]
}

The following settings should be configured:

  • RMQ_HOST - host name of the RabbitMQ queue server;

  • RMQ_USERNAME - user name for the queue server;

  • RMQ_PASS - password for the queue server.

In addition, to encrypt the passwords sent to the queue (only the USER_REGISTERED and USER_PASSWORD_SET messages carry them), set the encCertificate parameter to the alias of the electronic signature key (in the standard BlitzIdPKeystore.jks key store) with which the passwords in those messages are encrypted.
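As an added example (not part of the Blitz Identity Provider documentation or product), the following Python script checks a parsed events block for the mistakes that matter most: routes pointing at targets that do not exist, targets referring to unknown drivers, and USER_REGISTERED or USER_PASSWORD_SET routed to a target without an encCertificate, which would put passwords on the queue unencrypted. It also cross-checks the tasks block described in the next section against the RabbitMQ exchange and queue names created in the console; the sample configuration is constructed for the demonstration and deliberately contains both kinds of error.

```python
# Event types whose messages carry a user password; their targets
# must name an encCertificate, otherwise the password leaves in clear.
PASSWORD_EVENTS = {"USER_REGISTERED", "USER_PASSWORD_SET"}

def check_events(events):
    """Return a list of problems found in a blitz.prod.local.idp.events block."""
    problems = []
    drivers = set(events.get("drivers", {}))
    targets = {t["name"]: t for t in events.get("targets", [])}
    for event, names in events.get("routes", {}).items():
        for name in names:
            target = targets.get(name)
            if target is None:
                problems.append(f"{event}: route to unknown target '{name}'")
                continue
            if target["driver"]["id"] not in drivers:
                problems.append(f"{name}: unknown driver '{target['driver']['id']}'")
            if event in PASSWORD_EVENTS and not target.get("encCertificate"):
                problems.append(f"{event}: target '{name}' has no encCertificate")
    return problems

def check_tasks(tasks, exchange="blitz-tasks-exh", queue="blitz-tasks"):
    """Cross-check a blitz.prod.local.idp.tasks block with the RabbitMQ objects."""
    if tasks.get("broker-type") != "rmq":
        return []  # built-in broker in use, nothing to cross-check
    problems = []
    rmq = tasks.get("broker-rmq", {})
    if rmq.get("exchange") != exchange:
        problems.append(f"exchange is '{rmq.get('exchange')}', RabbitMQ has '{exchange}'")
    names = {q["name"] for q in tasks.get("queues", [])}
    if queue not in names:
        problems.append(f"queue '{queue}' missing from queues block")
    for rule in tasks.get("executionRules", []):
        if rule["queue"] not in names:
            problems.append(f"executionRules refers to unknown queue '{rule['queue']}'")
    if rmq.get("user", {}).get("password") == "CHANGE_ME":
        problems.append("placeholder password CHANGE_ME still set")
    return problems

# Constructed sample: password_sync lacks encCertificate, exchange name is misspelt.
SAMPLE = {
    "events": {"drivers": {"rabbit_driver": {"type": "RMQ"}},
               "routes": {"USER_PASSWORD_SET": ["password_sync"], "USER_REGISTERED": ["registration"]},
               "targets": [{"name": "password_sync", "driver": {"id": "rabbit_driver"}},
                           {"name": "registration", "driver": {"id": "rabbit_driver"}, "encCertificate": "rmqkey"}]},
    "tasks": {"broker-type": "rmq",
              "broker-rmq": {"exchange": "blitz-task-exh", "user": {"username": "blitz", "password": "CHANGE_ME"}},
              "executionRules": [{"queue": "blitz-tasks"}], "queues": [{"name": "blitz-tasks"}]}}

if __name__ == "__main__":
    for p in check_events(SAMPLE["events"]) + check_tasks(SAMPLE["tasks"]):
        print("PROBLEM:", p)
```

Run it against the events and tasks blocks extracted from blitz.conf; an empty result for both functions means the cross-references and the password encryption setting are in place.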

Queue server as a message broker

Blitz Identity Provider uses a built-in message broker to handle asynchronous tasks, using a database to track tasks.

If the request load on Blitz Identity Provider is high, it may be appropriate to use the RabbitMQ queue server as the message broker. To do this, make the following settings in the RabbitMQ console (usually http://hostname:15672/):

  • create a queue with the name blitz-tasks (in the “Queues” menu of the console);

  • create an exchange named blitz-tasks-exh (in the “Exchanges” menu of the console) and configure a binding to the blitz-tasks queue with the routing_key blitz-tasks;

  • create the blitz user (in the “Admin” menu of the console) and grant it rights to the created queue.

After configuring RabbitMQ, adjust the settings in blitz.conf - in the blitz.prod.local.idp.tasks block set broker-type to rmq and set the connection settings to RabbitMQ in the broker-rmq block:

  • set the name blitz-tasks-exh in the exchange parameter;

  • set the queue parameter in the executionRules block and the name parameter in the queues block to blitz-tasks;

  • set the user name (blitz) in the username parameter in the user block;

  • set the user’s password in the password parameter in the user block - the password will be encrypted after Blitz Identity Provider is launched;

  • specify the address and port of the connection to RabbitMQ in the host and port parameters of the server block;

  • if necessary, adjust other parameters defining the size of the connection pool (poolSize), the number of channels (channelSize), the waiting time for a response from the queue server (ackTimeout);

  • if necessary, adjust the task processing broker settings that determine the number of attempts (maxAttempts) to re-process tasks in case of an error, the time between attempts (redeliveryDelayInSec), the size of the processed message bundle (dequeueBatchSize), the queue check period (dequeuePeriodInSec) and the number of handlers (executorPoolSize).

A configuration example is shown below:

"tasks" : {
    "broker-type" : "rmq",
    "broker-rmq" : {
        "consumer" : {
            "poolSize" : 2
        },
        "exchange" : "blitz-tasks-exh",
        "publisher" : {
            "ackTimeout" : 15,
            "channelsSize" : 8,
            "poolSize" : 2
        },
        "server" : {
            "host" : "RMQ_HOST",
            "port" : 5672
        },
        "user" : {
            "password" : "CHANGE_ME",
            "username" : "blitz"
        }
    },
    "executionRules" : [
        {
            "maxAttempts" : 2,
            "queue" : "blitz-tasks",
            "redeliveryDelayInSec" : 60
        }
    ],
    "queues" : [
        {
            "dequeueBatchSize" : 10,
            "dequeuePeriodInSec" : 30,
            "executorPoolSize" : 5,
            "name" : "blitz-tasks"
        }
    ]
}