mace-opensaml-users - RE: [OpenSAML] SAML and load balancing

Subject: OpenSAML user discussion

  • From: "Bailo, John" <>
  • To: <>
  • Subject: RE: [OpenSAML] SAML and load balancing
  • Date: Mon, 29 Sep 2008 00:58:07 -0400


Well, my solution is to decode the SAML first at a central SAML server, and
then I will log in to one of two servers to balance the load.

-----Original Message-----
From: Chad La Joie
[mailto:]

Sent: Sunday, September 28, 2008 11:59 AM
To:

Subject: Re: [OpenSAML] SAML and load balancing

I'm not out to get sys admins but when you run into problems like this
my experience has shown it is *always* due to a more systemic problem.
In cases of web apps my experience has been that the main issue is
those individuals who don't want, or think they shouldn't have, to learn
anything about the container. These containers are non-trivial pieces
of code. Most containers end up being multiple times the size of the
applications you're trying to run. Thus, ignoring it means you're
ignoring the *majority* of the application you're trying to run.

This then leads to people trying to hack around the container. For
example by setting up reverse proxies, configuring load balancers in odd
ways, and trying to do tricky things with DNS. In the end you have
systems that are fragile and difficult to maintain. I'm not claiming
that the OpenSAML library is great, it's not, but I do think that good
software will make doing the wrong thing a bit painful so as to bring to
light the issue.

Just my Sunday evening philosophizing.

Scott Cantor wrote:
>> That assumption does not hold in all environments (imho). As we want
>> our application to run in as many environments (good and badly
>> designed ones) without fighting our way through the network and system
>> operations departments, we need to be able to configure parameters
>> like SAML target from within the application. I believe this to be
>> a genuine use case.
>
> I can't speak for Chad, but supporting badly designed environments and
> coddling sysadmins is not only a non-goal, but an anti-goal. If I make life
> hard for a lazy sysadmin, I count it a good day.
>
> -- Scott
>
>

--
SWITCH
Serving Swiss Universities
--------------------------
Chad La Joie, Software Engineer, Net Services
Werdstrasse 2, P.O. Box, 8021 Zürich, Switzerland
phone +41 44 268 15 75, fax +41 44 268 15 68
http://www.switch.ch

CONFIDENTIALITY NOTICE: The information in this Internet email is
confidential and may be legally privileged. It is intended solely for the
addressee. Access to this email by anyone else is unauthorized.



