Relying Party in a web farm scenario (IsSessionMode = true)

First, I had to set IsSessionMode = true to decrease cookie size.

I need to balance 2 RP instances. I did the following steps on 2 different machines with RP instances:

1) Subscribed to ServiceConfigurationCreated event

    private void WSFederationAuthenticationModule_ServiceConfigurationCreated(object sender, ServiceConfigurationCreatedEventArgs e)
    {
        // CertificateUtil and ConfigHelper are the poster's own helpers (not shown).
        X509Certificate2 certificate = CertificateUtil.GetCertificate(StoreName.My, StoreLocation.LocalMachine, ConfigHelper.FrontendCertificate);

        // Cookie transforms: compress, then encrypt and sign with the certificate.
        var sessionTransforms = new List<CookieTransform>(new CookieTransform[]
        {
            new DeflateCookieTransform(),
            new RsaEncryptionCookieTransform(certificate),
            new RsaSignatureCookieTransform(certificate)
        });

        // Replace the default session token handler with one that uses these transforms.
        SessionSecurityTokenHandler sessionHandler = new SessionSecurityTokenHandler(sessionTransforms.AsReadOnly());
        e.ServiceConfiguration.SecurityTokenHandlers.AddOrReplace(sessionHandler);
    }

2) Moved session state out to the ASP.NET state service

Problem:

When I try to log on to the STS, I get an infinite redirect from RP to STS.

I can't understand why. The token is stored in session (IsSessionMode = true). Session is shared between 2 different hosts by the ASP.NET state service.

What is the problem? What did I miss?

I think I don't understand something important.

My best guess is WIF is simply failing to establish a session at the RP side, and the user is landing on an unauthorized page (a custom error page maybe?), which prompts WIF to redirect back to the STS for authentication, and now you're looping.

Some experiments you might try:

  1. Turn off IsSessionMode = false, and see if the problem still occurs. If it doesn't then you know WIF is choking on session creation, and you can check to make sure your RP is successfully contacting the ASP.NET state service for example.

  2. Install Fiddler (http://fiddler2.com/fiddler2/) which is an invaluable tool for debugging such infinite redirects. Collect some traces, see what's going on. You might also consider posting your RP web.config.
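The trace check suggested in experiment 2 can be scripted. The following is an added example, not part of the original question or answer: it classifies an RP/STS redirect loop from an ordered list of HTTP exchanges. It assumes the trace has been exported into dictionaries with the field names shown (hypothetical), that the RP uses WIF's default session cookie name `FedAuth`, and it uses constructed hosts and a constructed trace.

```python
from urllib.parse import urlsplit

REDIRECTS = {301, 302, 303, 307}

def diagnose(trace, rp_host, sts_host, cookie="FedAuth", threshold=2):
    """Classify an RP<->STS redirect loop from an ordered list of HTTP exchanges."""
    to_sts = token_posts = 0
    issued = rejected = False
    for x in trace:
        if urlsplit(x["url"]).hostname != rp_host:
            continue  # only the RP's own responses matter here
        sent = any(c.startswith(cookie) for c in x.get("cookies", ()))
        set_ = any(c.startswith(cookie) for c in x.get("set_cookies", ()))
        # WS-Federation sign-in response: the token is POSTed back to the RP
        if x["method"] == "POST" and x.get("wa") == "wsignin1.0":
            token_posts += 1
            issued = issued or set_
        loc = x.get("location") or ""
        if x["status"] in REDIRECTS and urlsplit(loc).hostname == sts_host:
            to_sts += 1
            rejected = rejected or sent
    if to_sts < threshold or token_posts == 0:
        return "no-loop"
    if rejected:
        return "cookie-rejected"      # RP saw the session cookie and still went to the STS
    if not issued:
        return "cookie-not-issued"    # RP took the token but never set a session cookie
    return "cookie-not-returned"      # cookie was set, browser never sent it back

def hop(method, url, status, location=None, **kw):
    """Build one trace entry (field names are this example's own convention)."""
    return dict(method=method, url=url, status=status, location=location, **kw)

RP, STS = "rp.example.test", "sts.example.test"   # constructed hosts
# Constructed trace of the loop described above (not captured from a real system)
LOOP = [
    hop("GET", f"https://{RP}/", 302, f"https://{STS}/?wa=wsignin1.0"),
    hop("GET", f"https://{STS}/?wa=wsignin1.0", 200),
    hop("POST", f"https://{RP}/", 302, f"https://{RP}/", wa="wsignin1.0", set_cookies=["FedAuth"]),
    hop("GET", f"https://{RP}/", 302, f"https://{STS}/?wa=wsignin1.0", cookies=["FedAuth"]),
    hop("GET", f"https://{STS}/?wa=wsignin1.0", 200),
    hop("POST", f"https://{RP}/", 302, f"https://{RP}/", wa="wsignin1.0", set_cookies=["FedAuth"]),
    hop("GET", f"https://{RP}/", 302, f"https://{STS}/?wa=wsignin1.0", cookies=["FedAuth"]),
]

if __name__ == "__main__":
    print(diagnose(LOOP, RP, STS))
```

A `cookie-rejected` verdict means the RP received the session cookie and still sent the browser back to the STS, which points the investigation at the RP's session handling rather than at the STS or the browser.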
