Kaj Hejer

Support for non-sticky sessions in spring-security-saml2-core?

I see from http://docs.spring.io/spring-security-saml/docs/1.0.0.RELEASE/reference/html/configuration-advanced.html#configuration-load-balancing that sticky sessions are required when using a load balancer.

Is there any hope for support for non-sticky sessions in a future release?

-Kaj :)

Upvotes: 1

Views: 974

Answers (1)

There shouldn't be a need for sticky sessions in case you replicate your HTTP sessions to all nodes in the cluster. It's also not needed in case you use IDP-initialized SSO without Single Logout. One more option is to add the bean EmptyStorageFactory, which removes certain validations based on the sent AuthnRequest (like checking of the InResponseTo field).

There's always hope, but I don't think I'll be writing this anytime soon. Contributions welcome.

Upvotes: 2
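
The three options in the answer, shown as a simplified model of the InResponseTo check. This is an added illustration, not code from Spring Security SAML or from either poster; the `Node` class, its methods and the request IDs are hypothetical, and a `null` set stands in for disabled message storage.

```java
import java.util.HashSet;
import java.util.Set;

// Simplified model of the InResponseTo check; hypothetical names, not the library's classes.
public class InResponseToDemo {

    static class Node {
        // IDs of AuthnRequests this node knows were sent; null models disabled storage.
        private final Set<String> sentRequestIds;

        Node(Set<String> sentRequestIds) { this.sentRequestIds = sentRequestIds; }

        // SP-initiated SSO: remember the ID of the AuthnRequest that was sent.
        void sendAuthnRequest(String requestId) {
            if (sentRequestIds != null) sentRequestIds.add(requestId);
        }

        // Decide whether a Response passes the InResponseTo check on this node.
        boolean acceptResponse(String inResponseTo) {
            if (inResponseTo == null) return true;   // IdP-initiated: nothing to match
            if (sentRequestIds == null) return true; // storage disabled: check skipped
            return sentRequestIds.contains(inResponseTo);
        }
    }

    public static void main(String[] args) {
        // 1. Node-local state, no stickiness: request leaves via A, response lands on B.
        Node a = new Node(new HashSet<>());
        Node b = new Node(new HashSet<>());
        a.sendAuthnRequest("req-1"); // constructed sample ID
        System.out.println("local state, other node:   " + b.acceptResponse("req-1"));

        // 2. Replicated sessions: both nodes see the same set of sent request IDs.
        Set<String> replicated = new HashSet<>();
        Node c = new Node(replicated);
        Node d = new Node(replicated);
        c.sendAuthnRequest("req-2");
        System.out.println("replicated state:          " + d.acceptResponse("req-2"));

        // 3. Storage disabled: a response naming a request that was never sent still passes.
        Node e = new Node(null);
        System.out.println("storage disabled, unknown: " + e.acceptResponse("never-sent"));

        // 4. IdP-initiated SSO carries no InResponseTo, so no shared state is consulted.
        System.out.println("IdP-initiated, any node:   " + b.acceptResponse(null));
    }
}
```

Case 3 is the trade-off of the storage-disabling option: the service provider can no longer tell a response to its own request from one it never asked for.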
