load balancing breaks SSO
Hi,
We have a load balanced environment (NetScaler). When a user hits a page, the load balancer sends the request to a particular box (sticky sessions by IP), which starts the SSO process using InitSAMLAuthRequest. Our IdP https://login.microsoftonline.com/ then posts back, but since https://login.microsoftonline.com/ does not have the same IP as the user, the load balancer sometimes sends the response to a box that did NOT initiate the request and we get an error: "Possible replay attack occurred as there is no login/logout information associated with this request."
I can catch the error, but there is not much else that I can do, because now the load balancer will keep the user on box 1 and https://login.microsoftonline.com/ on box 2, so there is no way to redirect to another server.
Any ideas?
Thanks,
Gabriel
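A small Python model of the failure described in the post above, added here as an illustration (it is not code from the post or from the SAML library in use). It assumes the "possible replay" error comes from an InResponseTo check against the outstanding AuthnRequest IDs held by the node that receives the IdP's POST, and contrasts per-node state with a store shared across boxes; the node names box1/box2 are hypothetical.

```python
import secrets


class SpNode:
    """One web server behind the load balancer (hypothetical names)."""

    def __init__(self, name: str, outstanding: set):
        self.name = name
        self.outstanding = outstanding  # AuthnRequest IDs awaiting a response

    def init_auth_request(self) -> str:
        """Issue an AuthnRequest and remember its ID for the InResponseTo check."""
        request_id = "_" + secrets.token_hex(16)
        self.outstanding.add(request_id)
        return request_id

    def receive_response(self, in_response_to: str) -> str:
        """Validate the IdP's POST: InResponseTo must match a request this
        node knows about, and each ID is consumed exactly once."""
        if in_response_to not in self.outstanding:
            return "error: possible replay"
        self.outstanding.discard(in_response_to)
        return "ok"


def sso_round_trip(initiator: SpNode, receiver: SpNode) -> list:
    """Browser hits `initiator`; the IdP's POST is routed to `receiver`.
    Returns the outcome of the POST and of a replayed copy of it."""
    request_id = initiator.init_auth_request()
    first = receiver.receive_response(request_id)
    replay = receiver.receive_response(request_id)  # same response resubmitted
    return [first, replay]


def per_node_state() -> list:
    # Each box keeps its own memory: IP persistence sends the user to box1,
    # but the IdP's POST arrives from a different IP and lands on box2.
    box1, box2 = SpNode("box1", set()), SpNode("box2", set())
    return sso_round_trip(box1, box2)


def shared_state() -> list:
    # Same routing, but both boxes share one store (database or distributed
    # cache), so box2 recognises the ID and a real replay is still rejected.
    shared = set()
    box1, box2 = SpNode("box1", shared), SpNode("box2", shared)
    return sso_round_trip(box1, box2)
```

With per-node state the legitimate POST is indistinguishable from a replay; a shared store keeps the one-time-use check intact while making the outcome independent of which box receives the POST.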
