We are using the ITfoxtec.Identity.Saml2 library to authenticate with our SSO service.
The problem is we are using this on a load balanced servers. If we turn sticky sessions off, the application no longer functions.
I've tried setting isPersistent= true when we create the session but it has had no affect. I've seen similar issues posted related to storing SAML state across a web farm with suggestions ranging from:
Changing the configuration so all servers on the webfarm use the same machine key Creating what amounts to a state service to store authentication.
I would think there would be a way to natively store user state in a cookie that would be reusable regardless if load balancing is being used or not.
Any suggestions on how to attack this?
Using ITfoxtec.Identity.Saml2.Mvc and ASP.NET MVC the
isPersitentis a parameter on theCreateSessionmethod. The CreateSession method used in the ASP.NET sample application.The method is called after the SAML 2.0 response is accepted to create the user identity cookie handled by the
SessionAuthenticationModule.Default the user identity cookies is not persistent. Setting the
isPersitent=trueresult in creating persistent user identity cookies. TheisPersitentsetting has nothing to do with load balancing.It should be possible to support load balancing by setting the
isReferenceMode=true. Reference mode change the user identity cookies from being self contained to being a pointer.Maybe you need to implement a token cache.
Updated:
I am sorry to say that I do not have an example. I have instead added some links that may be can be help full.
WIF and Web Farms
About SessionAuthenticationModule IsReferenceMode
SessionSecurityTokenCache Class