<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Verdana;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:"Segoe UI";
panose-1:2 11 5 2 4 2 4 2 2 3;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
pre
{mso-style-priority:99;
mso-style-link:"HTML Preformatted Char";
margin:0in;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri",sans-serif;
color:windowtext;}
span.HTMLPreformattedChar
{mso-style-name:"HTML Preformatted Char";
mso-style-priority:99;
mso-style-link:"HTML Preformatted";
font-family:"Courier New";}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri",sans-serif;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="#0563C1" vlink="#954F72">
<div class="WordSection1">
<p class="MsoNormal">Hi all, we are attempting to use session recovery across SP nodes without success and having a hard time finding any related info. Here is what we have in the shibboleth2.xml file related to this:<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><DataSealer type="Static" key="KohVO7WQkf3I0w3ROCurjA==" /><o:p></o:p></p>
<p class="MsoNormal"><SessionCache type="StorageService" persistedAttributes="HTTP_EUA" /><o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">And this is what we see in the SP logs on the node that did NOT create the session:<o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:10.5pt;font-family:"Segoe UI",sans-serif"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Courier New"">sp-native 2021-01-05 17:06:50 DEBUG Shibboleth.SessionCache [38] shib_check_user [default]: searching local cache for session (_b2ad5fbb9a887cda667e93cc6b2b1612)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Courier New"">sp-native 2021-01-05 17:06:50 DEBUG Shibboleth.SessionCache [38] shib_check_user [default]: session not found locally, remoting the search<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Courier New"">sp-native 2021-01-05 17:06:50 DEBUG Shibboleth.Listener [38] shib_check_user [default]: sending message (find::StorageService::SessionCache)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Courier New"">sp-native 2021-01-05 17:06:50 DEBUG Shibboleth.Listener [38] shib_check_user [default]: send completed, reading response message<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Courier New"">sp-native 2021-01-05 17:06:50 DEBUG Shibboleth.SessionCache [38] shib_check_user [default]: session not found in remote cache<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Courier New"">sp-native 2021-01-05 17:06:50 DEBUG Shibboleth.SessionInitiator.SAML2 [38] shib_check_user [default]: attempting to initiate session using SAML 2.0 with provider (http://www.okta.com/exk4rynlzm0QpuLKZ297)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Courier New"">sp-native 2021-01-05 17:06:50 DEBUG Shibboleth.Listener [38] shib_check_user [default]: sending message (default/Login::run::SAML2SI)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Courier New"">sp-native 2021-01-05 17:06:50 DEBUG Shibboleth.Listener [38] shib_check_user [default]: send completed, reading response message<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Courier New"">sp-native 2021-01-05 17:06:50 DEBUG XMLTooling.ParserPool : asked to resolve classpath:/schema/shibboleth-2.0-afp.xsd with baseURI /usr/share/xml/shibboleth/shibboleth-2.0-afp-mf-basic.xsd<o:p></o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Any pointers or help would be much appreciated. Generally all we need in the headers is the HTTP_EUA attribute at this point. And I am not sure if there is supposed to be another cookie (session recovery) but if so, it does not seem to
be created.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Cheers,<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Arial",sans-serif">Tony Wise<o:p></o:p></span></b></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">Solution Architect<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">PMP, CSM, AWS Certified Cloud Practitioner<b><o:p></o:p></b></span></p>
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Arial",sans-serif"><o:p> </o:p></span></b></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">CGI Federal<b><br>
</b>12601 Fairlakes Circle Fairfax, VA 22033<br>
Tel 703.227.7287 | Cell 703.851.6963<br>
<a href="mailto:tony.wise@cgifederal.com" title="mailto:tony.wise@cgifederal.com"><span style="color:windowtext">tony.wise@cgifederal.com</span></a> |
<a href="http://www.cgi.com/" title="http://www.cgi.com/"><span style="color:windowtext">http://www.cgi.com</span></a><o:p></o:p></span></p>
<p class="MsoNormal"><i><o:p> </o:p></i></p>
<p class="MsoNormal"><i><span style="font-size:7.5pt;font-family:"Verdana",sans-serif">CONFIDENTIALITY NOTICE: Proprietary/Confidential Information belonging to CGI Group Inc. and its affiliates may be contained in this message. If you are not a recipient indicated
or intended in this message (or responsible for delivery of this message to such person), or you think for any reason that this message may have been addressed to you in error, you may not use or copy or deliver this message to anyone else. In such case, you
should destroy this message and are asked to notify the sender by reply email.</span></i><i><span style="font-size:7.5pt;font-family:"Arial",sans-serif">
</span></i><i><span lang="EN-GB" style="font-size:7.5pt;font-family:"Arial",sans-serif"><o:p></o:p></span></i></p>
<p class="MsoNormal"><i><span lang="EN-GB" style="font-size:7.5pt;font-family:"Arial",sans-serif"><o:p> </o:p></span></i></p>
<p class="MsoNormal"><i><span lang="EN-GB" style="font-size:7.5pt;font-family:"Verdana",sans-serif">P</span></i><i><span lang="NL" style="font-size:7.5pt;font-family:"Verdana",sans-serif">lease consider the environment before printing this email or its attachments.</span></i><o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
Proprietary/confidential information belonging to CGI Federal Inc. or its affiliates may be contained in this message. If you are not a recipient indicated or intended in this message (or responsible for the delivery of this message to such person), or if you
think for any reason that this message may have been addressed to you in error, you may not use or copy or deliver this message to anyone else. In such case, you should destroy this message and are asked to notify the sender by reply email.
</body>
</html>