MemcachedStorageService or JPAStorageService behind an LB?

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

MemcachedStorageService or JPAStorageService behind an LB?

Scott Gilbert
In reading the documentation I was looking for some general direction and guidance for IdP session management. I am running IdP 3.4.6. We want our IdP servers to run behind a load balancer and need to preserve session state among them. (This set up is something we already have in place for CAS). It appears that MemcachedStorageService is preferable over JPAStorageService but with a built in failover feature that we don't need when a load balancer would be handling that task. Is MemcachedStorageService still a viable way to go with some way to support a database backend for session state, or does it simply not match our requirements of managing state behind an LB and we should go with JPAStorageService?


Scott Gilbert
IAM System Admin
ETS Enterprise Technology Services
University of California Santa Barbara


--
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: MemcachedStorageService or JPAStorageService behind an LB?

Cantor, Scott E.
On 12/20/19, 12:55 PM, "users on behalf of Scott Gilbert" <[hidden email] on behalf of [hidden email]> wrote:

> In reading the documentation I was looking for some general direction and guidance for IdP session management. I am
> running IdP 3.4.6. We want our IdP servers to run behind a load balancer and need to preserve session state among
> them.

You should not do that, use the defaults and enable HTML Local Storage, and leave the sessions in the client.

> (This set up is something we already have in place for CAS).

If you need CAS proxy support then you can point CAS at a server storage option, but basic CAS support also doesn't require server state.

-- Scott


--
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to [hidden email]