[Ext] RE: Feasible to run pool of v2 and v3 IdP servers?

Cantor, Scott cantor.2 at osu.edu
Fri May 27 13:40:19 EDT 2016


> We have externalized authentication, but SSO is the smallest concern with
> the particular integration that inspired the decision.

SSO elsewhere would be one mitigation, but you're also going to break any of the back-channel features, so they can't be required if you're going to try it.

I'll just speak for myself: I migrated over Spring Break with a system that handles maybe 50,000 logins a day at the low end during light periods and 450,000 at the high end, with the intention of rolling back if anything broke.

I have had no technical issues that had anything to do with V3. I had two problems:

- I forgot to include a setting I had used in V2. I broke my own advice by migrating my RP settings and even after weeks of testing still forgot something.

- I had an ancient SP I didn't fully understand in the mix and my attempt to stop supporting queries failed and I had to restore that capability on the fly.

That's been it. It isn't worth running in parallel; the downsides hugely outweigh the benefits.

-- Scott


