Stateless Login Handler Stickiness

Cantor, Scott cantor.2 at
Wed Feb 6 16:16:10 EST 2013

> If an IdP uses a stateless login handler like the one developed by OSU, is
> there a need for any session stickiness at all?


> Specifically, it's my understanding that the login/response generation
> process as a whole requires server-side statefulness(destination SP, etc.
> persisted in the IdP session) even if the login handler manages
> authentication state using a client-side state persistence mechanism like
> cookies.  Is that right, making ~5 minute session stickiness a requirement
> even in this case?

Absolutely. That's not changing, we explicitly ruled out trying to avoid that requirement for V3. The conversation state is going to be server side.
-- Scott

More information about the users mailing list