Question about Database Backed Storage Service
Sharma, Dattathreya
datta at ucla.edu
Thu Apr 3 15:08:43 EDT 2014
Paul,
>>The plugin persists objects that Shibboleth requests be put into the "session storage partition". Shib divides the storage service into logical units, "session" being one of them. So anything stored in the "session" partition is persisted to the DB. That said, I've never used back channel attribute query (only attribute push), so testing it was not on my list (or even on my thought radar).
I suppose it is possible to extend the DB StorageService to persist loginContext and replayCache to database, in addition to sessions?
thanks,
Datta
From: users-bounces at shibboleth.net [mailto:users-bounces at shibboleth.net] On Behalf Of Paul Hethmon
Sent: Friday, March 14, 2014 8:56 AM
To: Shibboleth Users
Subject: Re: Question about Database Backed Storage Service
On Mar 13, 2014, at 9:38 PM, Sharma, Dattathreya <datta at ucla.edu> wrote:
> We have to upgrade to Java 7 this year and I am looking at replacing Terracotta. The db plugin seems like a viable solution for us.
> The wiki states that "The storage service does not persist the login context information to the database. You must use session affinity during the login process".
> Isn't login context stored in the cookie? If the user authenticates and returns to a different node it should work just fine, right?
As Scott stated, session is kept via cookie that can be pulled from the DB-backed service on any node. During the actual login though, the cookie (and data) used to provide the state is not persisted to the DB, hence the affinity/sticky requirement.
> If the database is unavailable, will the back channel attribute query fail (if it goes to a different node)?
The plugin persists objects that Shibboleth requests be put into the "session storage partition". Shib divides the storage service into logical units, "session" being one of them. So anything stored in the "session" partition is persisted to the DB. That said, I've never used back channel attribute query (only attribute push), so testing it was not on my list (or even on my thought radar).
> With this plugin, will there be any interruption to the service if I take a node offline? I understood that, at the most, the user may lose the SSO session and have to sign in again.
Anyone in mid-cycle of login to that node will be affected. Likely getting a Shibboleth error screen and having to start their request again.
Paul
Paul Hethmon
Chief Software Architect
paul.hethmon at clareitysecurity.com
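
The behaviour described in the thread above, as a simplified model (an added example, not code from the thread or from the Shibboleth plugin): only the "session" partition goes to the shared database, so a completed session is readable from any node, while an in-progress login exists only on the node that started it. The `Node` class, its methods, and every identifier and URL in it are hypothetical and constructed for illustration.

```python
# Assumption: only the "session" partition is written to the shared database,
# as the thread states; every other partition lives in node-local memory.
PERSISTED_PARTITIONS = {"session"}


class Node:
    """Hypothetical IdP node: node-local memory plus a shared database handle."""

    def __init__(self, name, shared_db):
        self.name = name
        self.shared_db = shared_db   # dict standing in for the database
        self.local = {}              # lost when the node goes offline

    def _store(self, partition):
        backing = self.shared_db if partition in PERSISTED_PARTITIONS else self.local
        return backing.setdefault(partition, {})

    def put(self, partition, key, value):
        self._store(partition)[key] = value

    def get(self, partition, key):
        return self._store(partition).get(key)

    def begin_login(self, ctx_id, relying_party):
        self.put("loginContext", ctx_id, {"rp": relying_party})

    def finish_login(self, ctx_id, principal, session_id):
        ctx = self.get("loginContext", ctx_id)
        if ctx is None:                      # request landed on the wrong node
            return "error: no login context on " + self.name
        self._store("loginContext").pop(ctx_id)
        self.put("session", session_id, {"principal": principal})
        return "ok"


def simulate():
    db = {}
    a, b = Node("A", db), Node("B", db)
    results = {}
    a.begin_login("ctx-1", "https://sp.example.org")    # constructed values
    results["finish_on_other_node"] = b.finish_login("ctx-1", "alice", "s-1")
    results["finish_on_same_node"] = a.finish_login("ctx-1", "alice", "s-1")
    a.begin_login("ctx-2", "https://sp.example.org")    # login left mid-cycle
    a.local.clear()                                      # node A taken offline
    results["session_from_b"] = b.get("session", "s-1")
    results["midcycle_after_outage"] = b.finish_login("ctx-2", "alice", "s-2")
    return results
```
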