
shibboleth-dev - RE: Shibboleth SP with multiple web servers

Subject: Shibboleth Developers

  • From: "Ian J. Brooks" <>
  • To: <>
  • Subject: RE: Shibboleth SP with multiple web servers
  • Date: Thu, 7 Dec 2006 09:28:21 -0000

Scott,

As the whole site is protected we only require it to run the shib check
once. But unfortunately because the SP is behind a load balancing
firewall the communication gets bounced between the 2 (or more) SPs and
they get very confused. I may have to see if I can get the firewall only
to change servers if the first one is dead.

-Ian Brooks
Systems Administrator, SCRAN

http://www.scran.ac.uk/
------------------------------------------------------
This message is in confidence to the addressee only.
It may contain legally privileged information.
The contents are not to be disclosed to anyone other than the addressee.
If you receive it in error, please let the sender know.
SCRAN staff are not authorised to enter into any contracts on behalf of
the company by internet e-mail.
------------------------------------------------------


-----Original Message-----
From: Scott Cantor [mailto:]
Sent: 06 December 2006 18:26
To:
Subject: RE: Shibboleth SP with multiple web servers

> What do I need to configure to allow 2 web servers to work with
> shibboleth? I'm guessing I need some kind of shared cache or state
> database but I'm not sure what to configure for this.

That's not a simple issue. Support is very limited for this. It is
expected that in 99% of cases, applications that can be clustered have
to address shared state themselves, and in such cases you should usually
be able to avoid using the Shibboleth session for anything other than
initiating an application session.

If you actually wish to cluster the SP, you have to supply a very
complex plugin to implement shared session and replay caches. The MySQL
plugin provided is not a sharable plugin, it uses an embedded database.
But it can be used as a sample to work from.

I believe there are people who have done Oracle and shared MySQL
versions.

You could also choose to use a shared shibd service and have both web
servers connect to it. That's still a single point of failure, but so
are most databases.

That has some overhead, but if the service isn't too high volume, it
works pretty well.

-- Scott
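
The following is an added example, not part of the thread and not Shibboleth code: a simplified Python model of two SP nodes behind a balancer, showing why the thread talks about both shared session and shared replay caches. All class names, function names and values are constructed for illustration.

```python
import itertools

class Cache:
    """State an SP node keeps in this model: sessions and seen assertion IDs."""
    def __init__(self):
        self.sessions = {}   # session cookie -> user
        self.seen = set()    # replay cache of assertion IDs already consumed

class SPNode:
    def __init__(self, name, cache):
        self.name, self.cache = name, cache

    def consume_assertion(self, assertion_id, user):
        """Accept a login assertion once; return None if its ID was seen before."""
        if assertion_id in self.cache.seen:
            return None
        self.cache.seen.add(assertion_id)
        cookie = f"session-{self.name}-{len(self.cache.sessions)}"  # constructed
        self.cache.sessions[cookie] = user
        return cookie

    def check_session(self, cookie):
        return self.cache.sessions.get(cookie)

def build_cluster(shared):
    """Two nodes, either sharing one cache or each holding its own."""
    common = Cache()
    return [SPNode(n, common if shared else Cache()) for n in ("sp1", "sp2")]

def run(shared, sticky):
    nodes = build_cluster(shared)
    rr = itertools.cycle(nodes)
    # sticky: balancer keeps the client on sp1; otherwise plain round-robin
    pick = (lambda: nodes[0]) if sticky else (lambda: next(rr))
    cookie = pick().consume_assertion("constructed-id-1", "alice")
    hits = [pick().check_session(cookie) is not None for _ in range(4)]
    # The same assertion ID presented a second time, to every node in turn
    replayed = [n.consume_assertion("constructed-id-1", "alice") for n in nodes]
    return {"session_ok": all(hits),
            "replay_accepted": any(r is not None for r in replayed)}

if __name__ == "__main__":
    for shared, sticky in [(False, False), (False, True), (True, False)]:
        print(f"shared={shared} sticky={sticky} ->", run(shared, sticky))
```

In this model, pinning the client to one node keeps the session working, but only a cache common to both nodes lets the second node recognise an assertion ID the first has already consumed.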



