Stateless Login Handler Stickiness

Cantor, Scott cantor.2 at osu.edu
Wed Feb 6 16:16:10 EST 2013


> If an IdP uses a stateless login handler like the one developed by OSU, is
> there a need for any session stickiness at all?

Yes.

> Specifically, it's my understanding that the login/response generation
> process as a whole requires server-side statefulness (destination SP, etc.
> persisted in the IdP session) even if the login handler manages
> authentication state using a client-side state persistence mechanism like
> cookies.  Is that right, making ~5 minute session stickiness a requirement
> even in this case?

Absolutely. That's not changing; we explicitly ruled out trying to avoid that requirement for V3. The conversation state is going to be server side.
 
-- Scott