<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<p>That's right -- as far as I'm aware (not having set it up myself
but spoken to people who have) it's a purely Tomcat configuration.</p>
<p> -- Justin<br>
</p>
<br>
<div class="moz-cite-prefix">On 7/7/2016 9:36 AM, Luiz Omori wrote:<br>
</div>
<blockquote
cite="mid:B4C08C50-1DDA-4D7A-BC8D-7BEE31C33C0B@dm.duke.edu"
type="cite">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<div>
<div>
<div>Oh, I apologize. Indeed Introspection works with a common
DB. The failure was in my test code was pointing to the
wrong second server.</div>
<div><br>
</div>
<div>I will take a look at the sticky or replication session
configuration within Tomcat. As far as you know, that’s
purely Tomcat, nothing changes for MitreID and/or Spring,
right?</div>
<div><br>
</div>
<div>Regards,</div>
<div>Luiz </div>
<div>
</div>
</div>
</div>
<div><br>
</div>
<span id="OLK_SRC_BODY_SECTION">
<div style="font-family:Calibri; font-size:12pt;
text-align:left; color:black; BORDER-BOTTOM: medium none;
BORDER-LEFT: medium none; PADDING-BOTTOM: 0in; PADDING-LEFT:
0in; PADDING-RIGHT: 0in; BORDER-TOP: #b5c4df 1pt solid;
BORDER-RIGHT: medium none; PADDING-TOP: 3pt">
<span style="font-weight:bold">From: </span>"<a
moz-do-not-send="true" href="mailto:yannick.beot@gmail.com"><a class="moz-txt-link-abbreviated" href="mailto:yannick.beot@gmail.com">yannick.beot@gmail.com</a></a>"
<<a moz-do-not-send="true"
href="mailto:yannick.beot@gmail.com">yannick.beot@gmail.com</a>><br>
<span style="font-weight:bold">Date: </span>Thursday, July 7,
2016 at 3:04 AM<br>
<span style="font-weight:bold">To: </span>Justin Richer <<a
moz-do-not-send="true" href="mailto:jricher@mit.edu"><a class="moz-txt-link-abbreviated" href="mailto:jricher@mit.edu">jricher@mit.edu</a></a>><br>
<span style="font-weight:bold">Cc: </span>Luiz Omori <<a
moz-do-not-send="true" href="mailto:luiz.omori@duke.edu"><a class="moz-txt-link-abbreviated" href="mailto:luiz.omori@duke.edu">luiz.omori@duke.edu</a></a>>,
"<a moz-do-not-send="true"
href="mailto:mitreid-connect@mit.edu">mitreid-connect@mit.edu</a>"
<<a moz-do-not-send="true"
href="mailto:mitreid-connect@mit.edu">mitreid-connect@mit.edu</a>><br>
<span style="font-weight:bold">Subject: </span>RE:
[mitreid-connect] Multiple instances connected to a single DB<br>
</div>
<div><br>
</div>
<span style="mso-bookmark:_MailOriginalBody">
<div>
<meta name="Generator" content="Microsoft Word 15 (filtered
medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:Helvetica;
panose-1:2 11 5 4 2 2 2 2 2 4;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
span.apple-converted-space
{mso-style-name:apple-converted-space;}
.MsoChpDefault
{mso-style-type:export-only;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:70.85pt 70.85pt 70.85pt 70.85pt;}
div.WordSection1
{page:WordSection1;}
--></style>
<div link="blue" vlink="#954F72" lang="FR">
<div class="WordSection1">
<p class="MsoNormal">I agree : Introspection should work
with a common DB.</p>
<p class="MsoNormal">Session is more for the
authentication part (CSRF, SSO, …)<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Envoyé de mon téléphone Windows 10</p>
<p class="MsoNormal"><span
style="font-size:12.0pt;font-family:"Times New
Roman",serif"><o:p> </o:p></span></p>
<div
style="mso-element:para-border-div;border:none;border-top:solid
#E1E1E1 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal" style="border:none;padding:0cm"><b>De :
</b><a moz-do-not-send="true"
href="mailto:jricher@mit.edu">Justin Richer</a><br>
<b>Envoyé le :</b>jeudi 7 juillet 2016 02:24<br>
<b>À : </b><a moz-do-not-send="true"
href="mailto:yannick.beot@gmail.com">yannick.beot@gmail.com</a><br>
<b>Cc : </b><a moz-do-not-send="true"
href="mailto:luiz.omori@duke.edu">Luiz Omori</a>;
<a moz-do-not-send="true"
href="mailto:mitreid-connect@mit.edu">
mitreid-connect@mit.edu</a><br>
<b>Objet :</b>Re: [mitreid-connect] Multiple
instances connected to a single DB</p>
</div>
<p class="MsoNormal"><span
style="font-size:12.0pt;font-family:"Times New
Roman",serif"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:12.0pt;font-family:"Times New
Roman",serif">Yes, you will need to replicate
your session information, but that’s doable with
Tomcat and other containers, and Spring should
support it fine.</span><span
style="font-size:12.0pt;font-family:"Times New
Roman",serif"><o:p></o:p></span></p>
<div>
<p class="MsoNormal"><span
style="font-size:12.0pt;font-family:"Times
New Roman",serif"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:12.0pt;font-family:"Times
New Roman",serif">There’s no reason for
introspection not to work in this configuration,
so I’m not sure what you’re talking about there.
I’ve seen several split deployments (multiple IdPs
using multi-homed DNS and a common DB, no load
balancer) and introspection works perfectly in
those cases. Something else must be wrong if that
broke.<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:12.0pt;font-family:"Times
New Roman",serif"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:12.0pt;font-family:"Times
New Roman",serif"> — Justin<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:12.0pt;font-family:"Times
New Roman",serif"><o:p> </o:p></span></p>
<div>
<blockquote
style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<p class="MsoNormal"><span
style="font-size:12.0pt;font-family:"Times
New Roman",serif">On Jul 6, 2016, at
6:49 PM,
<a moz-do-not-send="true"
href="mailto:yannick.beot@gmail.com">yannick.beot@gmail.com</a>
wrote:<o:p></o:p></span></p>
</div>
<p class="MsoNormal"><span
style="font-size:12.0pt;font-family:"Times
New Roman",serif"><o:p> </o:p></span></p>
<div>
<div>
<p class="MsoNormal">Hi,<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-US">It
depends on your configuration but you
should probably use a sticky session or
replicate session data between your
instances.</span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"> <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">Envoyé de mon téléphone
Windows 10<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:12.0pt;font-family:"Times
New Roman",serif"> </span><o:p></o:p></p>
</div>
<div style="border:none;border-top:solid #E1E1E1
1.0pt;padding:3.0pt 0cm 0cm 0cm">
<div>
<p class="MsoNormal"><b>De :<span
class="apple-converted-space"> </span></b><a
moz-do-not-send="true"
href="mailto:luiz.omori@duke.edu"><span
style="color:#954F72">Luiz Omori</span></a><br>
<b>Envoyé le :</b>mercredi 6 juillet 2016
22:42<br>
<b>À :<span class="apple-converted-space"> </span></b><a
moz-do-not-send="true"
href="mailto:mitreid-connect@mit.edu"><span
style="color:#954F72"><a class="moz-txt-link-abbreviated" href="mailto:mitreid-connect@mit.edu">mitreid-connect@mit.edu</a></span></a><br>
<b>Objet :</b>[mitreid-connect] Multiple
instances connected to a single DB<o:p></o:p></p>
</div>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:12.0pt;font-family:"Times
New Roman",serif"> </span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:10.5pt">Hi,</span><o:p></o:p></p>
</div>
<div>
<div>
<p class="MsoNormal"><span
style="font-size:10.5pt"> </span><o:p></o:p></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal"><span
style="font-size:10.5pt">We have an use
case that calls for having multiple
servers running in parallel in a load
balancing fashion. All instances would
be connected to a single DB backend. Has
anybody tried that? Any potential
problems you can think of? We know that
all of them will have to use the same
ISSUER configuration otherwise, perhaps
among other things, introspection won’t
work (we tested).</span><o:p></o:p></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal"><span
style="font-size:10.5pt"> </span><o:p></o:p></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal"><span
style="font-size:10.5pt">Regards,</span><o:p></o:p></p>
</div>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:10.5pt">Luiz</span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"> <o:p></o:p></p>
</div>
<p class="MsoNormal"><span
style="font-size:9.0pt;font-family:"Helvetica",sans-serif">_______________________________________________<br>
mitreid-connect mailing list<br>
<a moz-do-not-send="true"
href="mailto:mitreid-connect@mit.edu">mitreid-connect@mit.edu</a><br>
<a moz-do-not-send="true"
href="https://urldefense.proofpoint.com/v2/url?u=http-3A__mailman.mit.edu_mailman_listinfo_mitreid-2Dconnect&d=CwMFaQ&c=imBPVzF25OnBgGmVOlcsiEgHoG1i6YHLR0Sj_gZ4adc&r=R6m41WT3w_KtulQAsSIxc_C2mwuKoWSycEMpss0QQJA&m=Z8s9iJUyYBIaH58vNK0ro0apSv7au837UveAf9FC0gY&s=ziWD6Ha3X3woxxqu9zPDbEIzpDGa1IFpvzF5xzpxCT4&e=">http://mailman.mit.edu/mailman/listinfo/mitreid-connect</a></span><span
style="font-size:12.0pt;font-family:"Times New Roman",serif"><o:p></o:p></span></p>
</div>
</blockquote>
</div>
</div>
<p class="MsoNormal"><span
style="font-size:12.0pt;font-family:"Times New
Roman",serif"><o:p> </o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</div>
</div>
</span></span>
</blockquote>
<br>
</body>
</html>