Hi

Unfortunately those are the kind of solutions that are really "deprecated" in todays environment, at least here at Dundee.   The thrust is to keep things as pure and vanilla as possible.   I'd had a browse back in the Shib users list which is where I'd gleaned a lot of anti Terracotta bias and also seen Scotts https://wiki.shibboleth.net/confluence/display/SHIB2/IdPStatelessClustering  (although I don't seem to be able to unzip the actual login handler from contributions).

Shib 2 is SO reliable that the chance of an unscheduled failover is very rare.   I'm not therefore worried about people having to reauthenticate on failover.   I just want a hardware box (two actually!) to do the hot standy redirection.

Cheers
Andy


From: Discussion list for Shibboleth developments [[log in to unmask]] on behalf of Rod Widdowson [[log in to unmask]]
Sent: 04 October 2012 10:19
To: [log in to unmask]
Subject: Re: Resilient Shib IdPs

Andy,

 

There’s a lot of experience over in the Shib-users list, and you might to ask there and also consult the https://wiki.shibboleth.net/confluence/display/SHIB2/Contributions page.

 

Two to look out for are Scott Cantor’s “Ohio State extensions, primarily a custom login module for SSO with stateless clustering, and workflow-like login handler with Velocity-based UI and post-login notification hooks” and Paul Hethmon’s “A replacement storage service for Shibboleth IdP v2 that uses Infinispan to provide cluster support.”

 

Rod

 

From: Discussion list for Shibboleth developments [mailto:[log in to unmask]] On Behalf Of Andy Swiffin
Sent: 04 October 2012 05:04
To: [log in to unmask]
Subject: Resilient Shib IdPs

 

Hi

I'm currently putting together plans to update our IdP infrastructure and want to add in automatic failover.   We currently have a manual failover to a secondary IdP, should it ever be needed (which since the move to Shib 2 many many moons ago it hasn't!).   However I would like to push Shib authentication for some high profile services and without having a demonstrable auto failover mechanism this won't be well received.

Because Shibboleth is stateful, if you are going to loadbalance cluster it you need a mechanism for sharing state information, the shibboleth documentation says:  "By default the Shibboleth team recommends the use of Terracotta as the mechanism for doing this"  which is a shame because I have it on high authority that "I think you'd be insane to consider it."....    I know a lot of people have found Terracotta to have, itself, caused shib outages.

Without state sharing you need to go for a hot standby rather than loadbalanced approach, but unfortunately our existing Cisco content switch (which is well overdue for replacement) cannot do this.   

So,  I'd be interested to hear from anyone who is doing hot standby with their Shibboleth IdP  (i.e. if IdP1 is responding always use it, if it fails the test switch to IdP2)  and what type of hardware loadbalancer you're using at the front to do this.

Cheers
Andy



The University of Dundee is a registered Scottish Charity, No: SC015096


The University of Dundee is a registered Scottish Charity, No: SC015096