intermittent IDP failure

Cantor, Scott cantor.2 at
Fri Feb 1 11:05:25 EST 2013

On 2/1/13 10:41 AM, "Steven Carmody" <steven_carmody at> wrote:
>sorry for the naive question -- I'm completely removed from the
>operational issues here. "direct TCP load balancing" -- that sounds
>like an option in the F5? It would balance, but would just pass the
>headers and other info (e.g. originating IP address) right thru and not
>rewrite it?

It passes packets. It's L4 load balancing instead of L7.

>we currently have a 180 second stickiness at the load balancer. That
>gets the user thru the initial login. However, some apps (see above)
>continue to send the user back to the IDP, randomly.

180 is not enough for many users to get logged in, but sending you back to
the IdP cold isn't going to cause this error. It physically can't, because
that step would include the SAML request.

The only way this happens is if the login context is not replicated and
you switch IdPs in the middle of the login process. Or the back button of

