Replying to my own post, I'm including some information that Peter Schober drew to my attention in a private email. One possible approach to avoiding shared state (and thus avoiding Terracotta!) is documented here: https://wiki.shibboleth.net/confluence/display/SHIB2/IdPStatelessClustering It seems that SAML1 attribute pull (which is the specific aspect of SAML1 authentication that I was bothered about) can be supported with the "CryptoTransient" stuff referred to under "Attribute Queries" near the bottom of that page. Cheers, Sara On 14/02/2013 14:45, Sara Hopkins wrote: > Hi Matthew, > > On 14/02/2013 14:38, Matthew Slowe wrote: > >> We'd like some way to scale horizontally if we need to when Office365 >> goes live but, actually, thinking about it... I don't think the >> methods that Office365 uses needs to store any state so this may be a >> completely moot point anyway. > > Yes, but there would still be other things that do need to share state, > eg. authentication with SAML1-based SPs. Can you ensure that the > SAML1-based authentications are confined to a single server and don't > get farmed out anywhere else? > > Sara -- Sara Hopkins Support Team UK Access Management Federation for Education and Research web: http://www.ukfederation.org.uk/ The University of Edinburgh is a charitable body, registered in Scotland, with registration number SC005336.