[Ext] RE: Feasible to run pool of v2 and v3 IdP servers?

Nate Klingenstein nate.klingenstein at utah.edu
Fri May 27 13:48:59 EDT 2016


We don't have back channel features in use right now. We also don't have a complete list of all services so we can't test them all ahead of time.

Deadlines and priorities collided.  I would have preferred your approach if possible, but again, because reasons.

Semt frim mt iPone

On May 27, 2016, at 11:40, Cantor, Scott <cantor.2 at osu.edu> wrote:

>> We have externalized authentication, but SSO is the smallest concern with
>> the particular integration that inspired the decision.
> 
> SSO elsewhere would be one mitigation, but you're also going to break any of the back channel features so they can't be required if you're going to try it.
> 
> I'll just speak for myself: I migrated over Spring Break with a system that handles maybe 50,000 logins a day at the low end during light periods and 450,000 at the high end, with the intention of rolling back if anything broke.
> 
> I have had no technical issues that had anything to do with V3. I had two problems:
> 
> - I forgot to include a setting I had used in V2. I broke my own advice by migrating my RP settings and even after weeks of testing still forgot something.
> 
> - I had an ancient SP I didn't fully understand in the mix and my attempt to stop supporting queries failed and I had to restore that capability on the fly.
> 
> That's been it. It isn't worth running in parallel, the downsides hugely outweigh the benefits.
> 
> -- Scott