Shibboleth v3 - Session HA Questions

prasanna cg prasannacgin at
Wed Jul 1 20:36:08 UTC 2020

Thanks for that, Scott!

I was not able to find any documentation / articles on generating new sealer files for the IDP, so I was curious to know if there is any backdoor way. I used the logs in DEBUG mode and I don't see any log that stated that the cookie was wrapped with a key that is known / available (or anything related to that). At the same time, if I change my key on one IDP node, create a session and test SSO with another IDP node, it certainly records a log as below and enforces re-authentication:

2020-07-01 19:30:41,186 - INFO [] - Key 'secret2' not found
2020-07-01 19:30:41,188 - INFO [] - Data was wrapped with a key (secret2) no longer available

And since I couldn't find out whether the keys were ever copied across nodes in my environment, I merely did a cksum and see them to be common between the IDP nodes. Not sure if that confirms it, but I am assuming they would have been copied.


> On Jul 1, 2020, at 3:52 PM, Cantor, Scott <cantor.2 at> wrote:
> On 7/1/20, 3:50 PM, "users on behalf of prasanna cg" <users-bounces at on behalf of prasannacgin at> wrote:
>> Thanks Scott. I understand I am missing something here. Let me look further. Also, is there a way to create a new / fresh
>> "sealer.jks" and "sealer.kver" files in an IDP node? I am trying to see if I can ignore the ones that exist now and create a
>> new file for each of my IDP nodes and test again.
> I believe the script that rolls the key can essentially initialize one from empty state, but I'm not positive.
> Initially I wrote your question off as "he's nuts?" but you've clearly digested the documentation sufficiently to be questioning reality appropriately.
> I would really suggest you just use the logs.
> -- Scott