Clustering Spring SAML

[shalso]

Hi,

We have a 2 node production cluster where the 2 nodes are sharing a single database. We are trying to implement Spring SAML and have confirmed it works on a single test server.

We don't have any kind of session state sharing between the 2 nodes in the cluster, as we just use sticky sessions in the load balancer to keep each user stuck to one of the nodes. Would you think that Spring SAML would work in this kind of setup, or is there state between SAML http communications that needs to be shared between the two nodes?

Also, if we implemented Spring Security session state sharing between the nodes would that help?

thanks


Steve

[vsch]

Hi Steve,

As long as you don't require fail-over (only possible when sessions are replicated) and don't need to support IDP-initialzed Single Logout with SOAP binding (as these calls don't include sessionID and could end-up on any node) everything should work just fine.

Brs, Vladi

[shalso]

Hi Vladi,

Great, thanks for that reply. Does it work in this situation because each client is stuck to a particular node using the load balancer's sticky session? Does that rely on the load balancer spotting the sessiodID in the GET/POST and making sure a particular sessionID only goes to one particular node?

thanks


Steve

[vsch]

Yes, it works in this situation and it relies on sticky sessions. They must be in place for the SAML extension to work correctly in a clustered environment.

V.