SP3: Cannot get session recovery to work across nodes
Wise, Tony (CGI Federal)
Tony.Wise at cgifederal.com
Tue Jan 5 19:14:43 UTC 2021
Hi all, we are attempting to use session recovery across SP nodes without success and are having a hard time finding any related info. Here is what we have in the shibboleth2.xml file related to this:
<DataSealer type="Static" key="KohVO7WQkf3I0w3ROCurjA==" />
<SessionCache type="StorageService" persistedAttributes="HTTP_EUA" />
And this is what we see in the SP logs on the node that did NOT create the session:
sp-native 2021-01-05 17:06:50 DEBUG Shibboleth.SessionCache [38] shib_check_user [default]: searching local cache for session (_b2ad5fbb9a887cda667e93cc6b2b1612)
sp-native 2021-01-05 17:06:50 DEBUG Shibboleth.SessionCache [38] shib_check_user [default]: session not found locally, remoting the search
sp-native 2021-01-05 17:06:50 DEBUG Shibboleth.Listener [38] shib_check_user [default]: sending message (find::StorageService::SessionCache)
sp-native 2021-01-05 17:06:50 DEBUG Shibboleth.Listener [38] shib_check_user [default]: send completed, reading response message
sp-native 2021-01-05 17:06:50 DEBUG Shibboleth.SessionCache [38] shib_check_user [default]: session not found in remote cache
sp-native 2021-01-05 17:06:50 DEBUG Shibboleth.SessionInitiator.SAML2 [38] shib_check_user [default]: attempting to initiate session using SAML 2.0 with provider (http://www.okta.com/exk4rynlzm0QpuLKZ297)
sp-native 2021-01-05 17:06:50 DEBUG Shibboleth.Listener [38] shib_check_user [default]: sending message (default/Login::run::SAML2SI)
sp-native 2021-01-05 17:06:50 DEBUG Shibboleth.Listener [38] shib_check_user [default]: send completed, reading response message
sp-native 2021-01-05 17:06:50 DEBUG XMLTooling.ParserPool : asked to resolve classpath:/schema/shibboleth-2.0-afp.xsd with baseURI /usr/share/xml/shibboleth/shibboleth-2.0-afp-mf-basic.xsd
Any pointers or help would be much appreciated. Generally all we need in the headers is the HTTP_EUA attribute at this point. And I am not sure if there is supposed to be another cookie (session recovery) but if so, it does not seem to be created.
Cheers,
Tony Wise
Solution Architect
PMP, CSM, AWS Certified Cloud Practitioner
CGI Federal
12601 Fairlakes Circle Fairfax, VA 22033
Tel 703.227.7287 | Cell 703.851.6963
tony.wise at cgifederal.com | http://www.cgi.com