Shibboleth SP behind load balancer with session affinity

Sean Townsend sean.campuslabs at gmail.com
Mon Dec 4 20:34:52 EST 2017


Hello,

We would like to run the SP on multiple machines behind a load balancer.
Based on the documentation it seems like the simplest approach is to use
the shibd’s local memory storage (not odbc, memcache, etc) for session and
rely on the load balancer to keep the user on the same server that started
the login process. We understand that this is only required to establish
the initial session. Our applications manage their own state, and do not
rely on the shibboleth sp session after the initial login.

I would like to test this, but I would like a way to verify that the load
balancer is doing its job and we don’t have a significant number of users
being redirected by to the IdP because they ended up on the wrong server on
their way back from the IdP. Is there something that will show up in the
logs when this happens? If so, we can monitor for this situation.

Thanks in advance for your help!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20171205/ef6e8ff3/attachment.html>


More information about the users mailing list