OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

saml-dev message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [saml-dev] Load balancing with SAML2

FWIW, this was one of the use cases which resulted in the  
IndexedEndpointType in SAML-Metadata

Section 4.1.6 of SAML-Profiles discusses the the use of metadata for  
this purpose:

> The indexed endpoint element <md:AssertionConsumerService> is used  
> to describe supported
> bindings and location(s) to which an identity provider may send  
> responses to a service provider using this
> profile. The index attribute is used to distinguish the possible  
> endpoints that may be specified by
> reference in the <AuthnRequest message. The  attribute is used to  
> specify the endpoint to
> use if not specified in a request.

this, of course, means that each consumerService host behind the load  
balancer is also directly addressable (in addition to it's Virtual IP  
exposed by the load balancer)


On Apr 17, 2008, at 10:25 AM, Scott Cantor wrote:

>> Does anybody have already think about this kind of problem ?
> That's an implementation issue. It depends entirely on how the SP  
> chooses to
> maintain state, if any (e.g. cookies).
> I don't think turning the responses into unsolicited ones is really a
> solution to the general problem.
> -- Scott
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: saml-dev-unsubscribe@lists.oasis-open.org
> For additional commands, e-mail: saml-dev-help@lists.oasis-open.org

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]