SP - Sticky Sessions in Load Balancing

Nate Klingenstein ndk at internet2.edu
Thu Aug 6 09:18:55 EDT 2015


Manoj,

Your service provider will require sticky sessions or session replication for the two hops that are performed during authentication: delivery of the assertion, and redirection of the user to the resource.  Sticky sessions are the lower bar in most cases, and this article has all the gory details.

https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPClustering

"Instead, rely on your load balancer to maintain session affinity (so-called stickiness) for a minute or two. The reason for this is so that the message to the SP from the IdP containing the SAML assertion can be processed and the browser redirected to the same server that received it. That redirect will normally be to the "protected" login script and the rest of the traffic should be handled by the application session, so can be to any server."

Thanks,
Nate.

> On Aug 6, 2015, at 7:11 AM, Manoj Kancharla <manojk at silverchair.com> wrote:
> 
> Does Shibboleth implementation require sticky sessions (on our end) for successful communication between the Service Provider and the Identity Provider?
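
The two hops described in the reply above, as an added example that is not part of the original thread or of the Shibboleth code: a constructed Python simulation of two SP nodes with unreplicated session caches behind a round-robin balancer, with and without short-lived affinity. The class names, the session ID and the 120-second window are assumptions chosen for illustration.

```python
import itertools

class SPNode:
    """One SP server with a local, non-replicated session cache (assumption)."""
    def __init__(self, name):
        self.name, self.sessions = name, set()

    def consume_assertion(self, session_id):
        # Hop 1: the IdP's SAML assertion arrives; the session exists on this node only.
        self.sessions.add(session_id)

    def protected_resource(self, session_id):
        # Hop 2: the browser follows the redirect; this succeeds only if this
        # node holds the session created in hop 1.
        return session_id in self.sessions

class LoadBalancer:
    """Round-robin balancer with optional client affinity lasting `sticky_secs`."""
    def __init__(self, nodes, sticky_secs=0):
        self.rr = itertools.cycle(nodes)
        self.sticky_secs = sticky_secs
        self.affinity = {}  # client -> (node, expiry time)

    def route(self, client, now):
        node, expiry = self.affinity.get(client, (None, 0))
        if node is None or now >= expiry:
            # No live affinity entry: fall back to plain round-robin.
            node = next(self.rr)
            if self.sticky_secs:
                self.affinity[client] = (node, now + self.sticky_secs)
        return node

def login(sticky_secs, redirect_delay=1):
    """Run both hops for one browser; return (hop-1 node, hop-2 node, success)."""
    lb = LoadBalancer([SPNode("sp1"), SPNode("sp2")], sticky_secs)
    first = lb.route("browser", now=0)
    first.consume_assertion("sess-1")  # constructed session ID
    second = lb.route("browser", now=redirect_delay)
    return first.name, second.name, second.protected_resource("sess-1")

if __name__ == "__main__":
    print("no affinity:  ", login(sticky_secs=0))
    print("120s affinity:", login(sticky_secs=120))
```

Without affinity the redirect lands on the node that never saw the assertion, which is the failure that session replication would otherwise have to cover.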


