Stateless Login Handler Stickiness

Nate Klingenstein ndk at
Wed Feb 6 16:28:30 EST 2013

Thanks to you and Christopher both.  I've added a paragraph about this to the IdPStatelessClustering Wiki page where I would've expected to find this information.  I can't any good place to put it on the IdPClusterIntro page and this should suffice.

On 6 Feb 2013, at 21:16, "Cantor, Scott" <cantor.2 at>

>> If an IdP uses a stateless login handler like the one developed by OSU, is
>> there a need for any session stickiness at all?
> Yes.
>> Specifically, it's my understanding that the login/response generation
>> process as a whole requires server-side statefulness(destination SP, etc.
>> persisted in the IdP session) even if the login handler manages
>> authentication state using a client-side state persistence mechanism like
>> cookies.  Is that right, making ~5 minute session stickiness a requirement
>> even in this case?
> Absolutely. That's not changing, we explicitly ruled out trying to avoid that requirement for V3. The conversation state is going to be server side.
> -- Scott
> --
> To unsubscribe from this list send an email to users-unsubscribe at

More information about the users mailing list