Load balancing service with SSO Authentication
undergl
Member ✭
HI, i'm working in a new SLB service for an application with 2/3 servers. I'll try to explain the scenario:
I would like to deploy a new VIP for load balancing of an application JAVA based (JBOSS Servers), for this we have to apply JSESSION ID persistence in the VIP with and aflex:
https://dev-a10wp.pantheonsite.io/forums/topic/jsessionid-persistence/
So far the service works correctly but now we need to add to this escenario and SSO Server. https://www.apereo.org/projects/cas
With this implementation and if I am not mistaken, it is not known in which server the client has the session with which it is necessary to close this session in all the balanced servers.
The only way of do that is adding server name in the JSESSION cookie
Is possible to use an aflex to for example:
solution 1- If some url, for example /logut is detected, send the request to all slb servers in the backend... With this force to close sessions in all servers.
solution 2- When the VIP receive the logout, check cookie name and send the request to this backend server...
Anyone can help me with this SLB service? wich configuration is the best for this type of SSO services?
CAS server (SSO) and real servers comunicate in the backend
I hope I have explained the scenario correctly
Thanks in advance
I would like to deploy a new VIP for load balancing of an application JAVA based (JBOSS Servers), for this we have to apply JSESSION ID persistence in the VIP with and aflex:
https://dev-a10wp.pantheonsite.io/forums/topic/jsessionid-persistence/
So far the service works correctly but now we need to add to this escenario and SSO Server. https://www.apereo.org/projects/cas
With this implementation and if I am not mistaken, it is not known in which server the client has the session with which it is necessary to close this session in all the balanced servers.
The only way of do that is adding server name in the JSESSION cookie
Is possible to use an aflex to for example:
solution 1- If some url, for example /logut is detected, send the request to all slb servers in the backend... With this force to close sessions in all servers.
solution 2- When the VIP receive the logout, check cookie name and send the request to this backend server...
Anyone can help me with this SLB service? wich configuration is the best for this type of SSO services?
CAS server (SSO) and real servers comunicate in the backend
I hope I have explained the scenario correctly
Thanks in advance
Tagged:
0