Replying to my own post, I'm including some information that Peter Schober drew to my attention in a private email.
One possible approach to avoiding shared state (and thus avoiding Terracotta!) is documented here:
https://wiki.shibboleth.net/confluence/display/SHIB2/IdPStatelessClustering
It seems that SAML1 attribute pull (which is the specific aspect of SAML1 authentication that I was bothered about) can be supported with the "CryptoTransient" stuff referred to under "Attribute Queries" near the bottom of that page.
Cheers,
Sara
On 14/02/2013 14:45, Sara Hopkins wrote:
> Hi Matthew,
>
> On 14/02/2013 14:38, Matthew Slowe wrote:
>
>> We'd like some way to scale horizontally if we need to when Office365
>> goes live but, actually, thinking about it... I don't think the
>> methods that Office365 uses needs to store any state so this may be a
>> completely moot point anyway.
>
> Yes, but there would still be other things that do need to share state,
> eg. authentication with SAML1-based SPs. Can you ensure that the
> SAML1-based authentications are confined to a single server and don't
> get farmed out anywhere else?
>
> Sara
--
Sara Hopkins
Support Team
UK Access Management Federation for Education and Research
web: http://www.ukfederation.org.uk/
The University of Edinburgh is a charitable body, registered in
Scotland, with registration number SC005336.
|