memcached failover
Jorj Bauer
jorj at temple.edu
Wed Aug 3 14:57:54 EDT 2016
With our testing so far, the whole concept is moot - even with
replication between memcached nodes, SSO doesn't work across nodes.
User logs in via a proxy to Shib Node A; second app SSOs properly,
proving that SSO works; all the memcache data is properly replicated to
Node B; logging in to a third app with all traffic proxied to Node B
forces another login.
I would have expected that to work. There's some detail I'm missing.
-- Jorj
On 08/03/2016 02:52 PM, Jacob Lundberg wrote:
>
> Hi all,
>
> On Wed, 2016-08-03 at 13:29 +0200, Peter Schober wrote:
>> Jfyi, note that SimpleSAMLphp implemements session distribution and
>> replication "among several memcache servers
>
> What happens if (for example in a two-node cluster, but it generalizes)
> one server is unreachable for a while and then the other server is
> unreachable for a while (a common maintenance scenario)? The problem
> with client-based solutions to this scenario in memcached clusters is
> old data can be revived in the cluster. I'm not certain what the
> implications are for an IdP; perhaps reversion of data is no big deal.
> Probably people might find that SSO breaks and they must sign in a
> second time. Possibly logouts could be reverted as well? Somebody more
> familiar with the data model than I am would have to answer that.
>
> However, this is what internal replication products like repcached or
> Couchbase are intended to solve. If you use Couchbase, you can present
> it to each IdP node as if it were memcached by running a moxi proxy on
> the IdP node.
>
> -Jacob
>
More information about the users
mailing list