Any Thoughts/Recommendations on Load Sharing and Failover?

Christopher Bongaarts cab at
Wed Aug 22 11:59:56 EDT 2012

On 8/16/2012 3:05 PM, Cantor, Scott wrote:

>> OTOH it seems superficially like redundant/load balanced IDPs would work
>> fairly well if they shared keys.  Given all the other things that would
>> be shared (like configurations and hence vulnerabilities) I don't see
>> that as much of a problem.
> It has performed extremely well in that way for me for about 8 years now.
> I would not see myself ever going back to a shared state model in the IdP,
> but that again comes back to logout (as in not doing it).

This morning we converted from Terracotta-clustered IdP to a "stateless" 
one, and it has been performing swimmingly.  TC adds a fair amount of 

But we are still interested in restoring some state, to support some 
semblance of single logout (despite the caveats) and to support Artifact 
(Scott K.'s wiki images use case).  We're planning to revisit it when 
IdP 3 is available.

%%  Christopher A. Bongaarts   %%  cab at          %%
%%  OIT - Identity Management  %%  %%
%%  University of Minnesota    %%  +1 (612) 625-1809    %%

More information about the users mailing list