memcached failover

Jorj Bauer jorj at temple.edu
Wed Aug 3 14:57:54 EDT 2016


With our testing so far, the whole concept is moot - even with 
replication between memcached nodes, SSO doesn't work across nodes.

User logs in via a proxy to Shib Node A; second app SSOs properly, 
proving that SSO works; all the memcache data is properly replicated to 
Node B; logging in to a third app with all traffic proxied to Node B 
forces another login.

I would have expected that to work. There's some detail I'm missing.

-- Jorj



On 08/03/2016 02:52 PM, Jacob Lundberg wrote:
>
> Hi all,
>
> On Wed, 2016-08-03 at 13:29 +0200, Peter Schober wrote:
>> Jfyi, note that SimpleSAMLphp implemements session distribution and
>> replication "among several memcache servers
>
> What happens if (for example in a two-node cluster, but it generalizes)
> one server is unreachable for a while and then the other server is
> unreachable for a while (a common maintenance scenario)?  The problem
> with client-based solutions to this scenario in memcached clusters is
> old data can be revived in the cluster.  I'm not certain what the
> implications are for an IdP; perhaps reversion of data is no big deal.
> Probably people might find that SSO breaks and they must sign in a
> second time.  Possibly logouts could be reverted as well?  Somebody more
> familiar with the data model than I am would have to answer that.
>
> However, this is what internal replication products like repcached or
> Couchbase are intended to solve.  If you use Couchbase, you can present
> it to each IdP node as if it were memcached by running a moxi proxy on
> the IdP node.
>
> -Jacob
>


More information about the users mailing list