multiple sp hosts behind a firewall/proxy etc

Cantor, Scott cantor.2 at
Sat May 23 18:18:10 EDT 2015

On 5/23/15, 11:47 AM, "Musil, William" <wmusil at> wrote:

>The issue I think would be that session state at shibd is not shared

If you've solved the brutally difficult problem of how to cluster an application, then you should try and avoid any use of the SP session other than to initially create an application session and by all means do *not* waste your time trying to cluster the SP.

The clustering material in the wiki takes great pains to say this.

>It is almost like what I really need is to put SP deeper into the application layer itself like if SP was a clusterable container, and shibd actually ran as a servlet, using the session replication that comes with java application servers and cluster aware java web applications to store the shibd sessions state data.

Then don't use Shibboleth and find a Java SP you can live with. The Shibboleth SP is not designed to run inside applications and it never will be. It's about an entirely different problem space.

>I don't know how to do it yet, but if I persist in a database, I might be able to pull this off.

On Windows, ODBC is reasonably reliable and not a terrible option with the SP. On Linux it's often unreliable because of bad drivers and ODBC libraries, and it's very system dependent how well it works.

-- Scott

More information about the users mailing list