Shibboleth v3 - Session HA Questions

prasanna cg prasannacgin at yahoo.in
Wed Jul 1 18:45:08 UTC 2020


Thanks, Scott. I confirm that they are NOT sharing the encryption keys and do not use any delegated source for authentication either. Pretty much a vanilla install. I am in fact able to reproduce the behavior not just through the LB but also by spoofing the IP directly from the local hosts file. Is there a possibility that using a common 'store password' for the DataSealer across all IdPs could be the reason?


> On Jul 1, 2020, at 2:33 PM, Cantor, Scott <cantor.2 at osu.edu> wrote:
> 
> (Another possibility of course is authentication/SSO being delegated off to another IdP via SAML or CAS or something else, in which case the IdP's session wouldn't matter.)
> 
> -- Scott
> 
> On 7/1/20, 2:22 PM, "Cantor, Scott" <cantor.2 at osu.edu> wrote:
> 
> The clustering docs for the current version are in [1], not where you linked.
> 
> Beyond that, your description in absolute terms means you're simply incorrect. They are in fact sharing the encryption key, or some non-client-side session store is being used outright.
> 
> -- Scott
> 
> [1] https://wiki.shibboleth.net/confluence/display/IDP4/Clustering
> 
> 
> 


