<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; color: rgb(0, 0, 0); font-size: 14px; font-family: Calibri, sans-serif;">
<div>
<div>
<div>Oh, I apologize. Indeed Introspection works with a common DB. The failure was in my test code was pointing to the wrong second server.</div>
<div><br>
</div>
<div>I will take a look at the sticky or replication session configuration within Tomcat. As far as you know, that’s purely Tomcat, nothing changes for MitreID and/or Spring, right?</div>
<div><br>
</div>
<div>Regards,</div>
<div>Luiz </div>
<div>
<div id="MAC_OUTLOOK_SIGNATURE"></div>
</div>
</div>
</div>
<div><br>
</div>
<span id="OLK_SRC_BODY_SECTION">
<div style="font-family:Calibri; font-size:12pt; text-align:left; color:black; BORDER-BOTTOM: medium none; BORDER-LEFT: medium none; PADDING-BOTTOM: 0in; PADDING-LEFT: 0in; PADDING-RIGHT: 0in; BORDER-TOP: #b5c4df 1pt solid; BORDER-RIGHT: medium none; PADDING-TOP: 3pt">
<span style="font-weight:bold">From: </span>"<a href="mailto:yannick.beot@gmail.com">yannick.beot@gmail.com</a>" <<a href="mailto:yannick.beot@gmail.com">yannick.beot@gmail.com</a>><br>
<span style="font-weight:bold">Date: </span>Thursday, July 7, 2016 at 3:04 AM<br>
<span style="font-weight:bold">To: </span>Justin Richer <<a href="mailto:jricher@mit.edu">jricher@mit.edu</a>><br>
<span style="font-weight:bold">Cc: </span>Luiz Omori <<a href="mailto:luiz.omori@duke.edu">luiz.omori@duke.edu</a>>, "<a href="mailto:mitreid-connect@mit.edu">mitreid-connect@mit.edu</a>" <<a href="mailto:mitreid-connect@mit.edu">mitreid-connect@mit.edu</a>><br>
<span style="font-weight:bold">Subject: </span>RE: [mitreid-connect] Multiple instances connected to a single DB<br>
</div>
<div><br>
</div>
<span style="mso-bookmark:_MailOriginalBody">
<div>
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
        {font-family:Helvetica;
        panose-1:2 11 5 4 2 2 2 2 2 4;}
@font-face
        {font-family:"Cambria Math";
        panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0cm;
        margin-bottom:.0001pt;
        font-size:11.0pt;
        font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:blue;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {mso-style-priority:99;
        color:#954F72;
        text-decoration:underline;}
span.apple-converted-space
        {mso-style-name:apple-converted-space;}
.MsoChpDefault
        {mso-style-type:export-only;}
@page WordSection1
        {size:612.0pt 792.0pt;
        margin:70.85pt 70.85pt 70.85pt 70.85pt;}
div.WordSection1
        {page:WordSection1;}
--></style>
<div lang="FR" link="blue" vlink="#954F72">
<div class="WordSection1">
<p class="MsoNormal">I agree : Introspection should work with a common DB.</p>
<p class="MsoNormal">Session is more for the authentication part (CSRF, SSO, …)<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Envoyé de mon téléphone Windows 10</p>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Times New Roman",serif"><o:p> </o:p></span></p>
<div style="mso-element:para-border-div;border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal" style="border:none;padding:0cm"><b>De : </b><a href="mailto:jricher@mit.edu">Justin Richer</a><br>
<b>Envoyé le :</b>jeudi 7 juillet 2016 02:24<br>
<b>À : </b><a href="mailto:yannick.beot@gmail.com">yannick.beot@gmail.com</a><br>
<b>Cc : </b><a href="mailto:luiz.omori@duke.edu">Luiz Omori</a>; <a href="mailto:mitreid-connect@mit.edu">
mitreid-connect@mit.edu</a><br>
<b>Objet :</b>Re: [mitreid-connect] Multiple instances connected to a single DB</p>
</div>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Times New Roman",serif"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Times New Roman",serif">Yes, you will need to replicate your session information, but that’s doable with Tomcat and other containers, and Spring should support it fine.</span><span style="font-size:12.0pt;font-family:"Times New Roman",serif"><o:p></o:p></span></p>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Times New Roman",serif"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Times New Roman",serif">There’s no reason for introspection not to work in this configuration, so I’m not sure what you’re talking about there. I’ve seen several split deployments (multiple IdPs
using multi-homed DNS and a common DB, no load balancer) and introspection works perfectly in those cases. Something else must be wrong if that broke.<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Times New Roman",serif"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Times New Roman",serif"> — Justin<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Times New Roman",serif"><o:p> </o:p></span></p>
<div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Times New Roman",serif">On Jul 6, 2016, at 6:49 PM,
<a href="mailto:yannick.beot@gmail.com">yannick.beot@gmail.com</a> wrote:<o:p></o:p></span></p>
</div>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Times New Roman",serif"><o:p> </o:p></span></p>
<div>
<div>
<p class="MsoNormal">Hi,<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-US">It depends on your configuration but you should probably use a sticky session or replicate session data between your instances.</span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"> <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">Envoyé de mon téléphone Windows 10<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Times New Roman",serif"> </span><o:p></o:p></p>
</div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<div>
<p class="MsoNormal"><b>De :<span class="apple-converted-space"> </span></b><a href="mailto:luiz.omori@duke.edu"><span style="color:#954F72">Luiz Omori</span></a><br>
<b>Envoyé le :</b>mercredi 6 juillet 2016 22:42<br>
<b>À :<span class="apple-converted-space"> </span></b><a href="mailto:mitreid-connect@mit.edu"><span style="color:#954F72">mitreid-connect@mit.edu</span></a><br>
<b>Objet :</b>[mitreid-connect] Multiple instances connected to a single DB<o:p></o:p></p>
</div>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Times New Roman",serif"> </span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.5pt">Hi,</span><o:p></o:p></p>
</div>
<div>
<div>
<p class="MsoNormal"><span style="font-size:10.5pt"> </span><o:p></o:p></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal"><span style="font-size:10.5pt">We have an use case that calls for having multiple servers running in parallel in a load balancing fashion. All instances would be connected to a single DB backend. Has anybody tried that? Any potential problems
you can think of? We know that all of them will have to use the same ISSUER configuration otherwise, perhaps among other things, introspection won’t work (we tested).</span><o:p></o:p></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal"><span style="font-size:10.5pt"> </span><o:p></o:p></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal"><span style="font-size:10.5pt">Regards,</span><o:p></o:p></p>
</div>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.5pt">Luiz</span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"> <o:p></o:p></p>
</div>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Helvetica",sans-serif">_______________________________________________<br>
mitreid-connect mailing list<br>
<a href="mailto:mitreid-connect@mit.edu">mitreid-connect@mit.edu</a><br>
<a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__mailman.mit.edu_mailman_listinfo_mitreid-2Dconnect&d=CwMFaQ&c=imBPVzF25OnBgGmVOlcsiEgHoG1i6YHLR0Sj_gZ4adc&r=R6m41WT3w_KtulQAsSIxc_C2mwuKoWSycEMpss0QQJA&m=Z8s9iJUyYBIaH58vNK0ro0apSv7au837UveAf9FC0gY&s=ziWD6Ha3X3woxxqu9zPDbEIzpDGa1IFpvzF5xzpxCT4&e=">http://mailman.mit.edu/mailman/listinfo/mitreid-connect</a></span><span style="font-size:12.0pt;font-family:"Times New Roman",serif"><o:p></o:p></span></p>
</div>
</blockquote>
</div>
</div>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Times New Roman",serif"><o:p> </o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</div>
</div>
</span></span>
</body>
</html>