Shibboleth SP3, TCPListener's clientAddress & Kubernetes

Cantor, Scott cantor.2 at osu.edu
Thu Jan 28 14:45:16 UTC 2021


On 1/28/21, 9:29 AM, "users on behalf of Sandro Mathys" <users-bounces at shibboleth.net on behalf of sandro.mathys at switch.ch> wrote:

>    As far as I've read it should be fine as long as network latency is low?

And you have no load. There is no such thing as low network latency. Any network has way too much. Anything you read otherwise is somebody that just prefers to ignore performance to avoid clustering. There is no free lunch unless you count the cookie session recovery approach.

>    Hm, so far I just put the identical config file on both servers. But of course, you're right, I can ignore the clientAddress
> and just set the address to different values on the two servers. That definitely makes the workaround easier, appreciate
> the thought!

You can, but the variable simply overrides whatever is in the file, so there's nothing to edit.

-- Scott




More information about the users mailing list