I wouldn't _think_ so since the IDP should support re-authenticating the user if they switch servers. I'd look to Cris Rockwell to comment on this however as he's been driving this implementation.

On Fri, Nov 13, 2020 at 11:10 AM Ben Radey <bra...@redhat.com> wrote:
>
> Hey Daniel - that SAML whiteboard project you mention - is sticky load
> balancing a requirement for that to work? We are facing that exact issue
> with our project's setup.
>
> Thanks,
> Ben
>
> On Fri, Nov 13, 2020 at 8:24 AM Daniel Klco <daniel.k...@gmail.com> wrote:
>
> > Answers inline below.
> >
> > On Thu, Nov 12, 2020 at 11:22 AM Nicola Cisternino <ncis...@cointa.it>
> > wrote:
> > >
> > > Hi all
> > > We are newbies and come from world of web containers (which manage the
> > > http session state) so, my question is:
> > > in Sling what is the best (and standard) way to:
> > > 1) login via WS (Servlet) called by a JS frontend
> >
> > Sling supports a pluggable authentication system[1] and includes
> > support for form based[2] authentication. You can invoke the
> > form-based authentication endpoints directly to login / out via JS.
> >
> > > 2) extend (logged) user data with custom info (state management)
> >
> > In Sling, each user has a Resource representation under /home/users.
> > You could create additional child resources underneath the user's home
> > resource to create profile data.
> >
> > > 3) restore the session state in subsequent WS calls (without login
> > > again...)
> >
> > In form-based authentication, Sling uses cookies to keep the Session
> > ID / Sling authentication between requests so this should be
> > transparent. This works well for "sticky" load balancing, but will be
> > challenging if you cannot ensure the user lands on the same server
> > between requests.
> >
> > I would also note, it's best practice to not have Sling be the system
> > of record for user data. Another SSO / user data system will ensure
> > consistency across multiple Sling instances. There's a LDAP support
> > bundle[3] from Jackrabbit Oak (the underlying repository
> > implementation) which can be installed into recent versions of Sling.
> > We also have a work in progress implementation of SAML support in the
> > whiteboard (sandbox project).
> >
> > > Thanks a lot.
> > >
> > > --
> > > Nicola Cisternino
> > > CTO - Ergon Project Manager - IT Architect
> > > Cointa s.r.l.
> > > Tel. +39 080 9371015
> > > ncis...@cointa.it
> > > http://www.cointa.it
> >
> > [1] -
> > https://sling.apache.org/documentation/the-sling-engine/authentication/authentication-framework.html
> > [2] -
> > https://sling.apache.org/documentation/the-sling-engine/authentication/authentication-authenticationhandler/form-based-authenticationhandler.html
> > [3] -
> > https://jackrabbit.apache.org/oak/docs/security/authentication/ldap.html
> >
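
The sticky load balancing caveat discussed in the thread above, as an added example that is not part of the original messages and is not Sling code: a simplified model of cookie-based authentication behind a load balancer. The `Node` class, the `mac@expires@user` cookie layout and the assumption that each node signs with a locally generated key are hypothetical, chosen only to show why a follow-up request fails when it lands on a node that cannot verify the cookie.

```python
import hashlib
import hmac
import secrets
import time


class Node:
    """One server behind the load balancer (hypothetical model, not Sling code)."""

    def __init__(self, name, key=None):
        self.name = name
        # Assumption: a node signs cookies with a key it generated locally
        # unless a shared key is provisioned to every node.
        self.key = key or secrets.token_bytes(32)

    def _mac(self, payload):
        return hmac.new(self.key, payload.encode(), hashlib.sha256).hexdigest()

    def issue_cookie(self, user, ttl=1800, now=None):
        expires = int((time.time() if now is None else now) + ttl)
        payload = f"{expires}@{user}"
        return f"{self._mac(payload)}@{payload}"  # constructed layout

    def authenticate(self, cookie, now=None):
        """Return the user id if the cookie verifies on this node, else None."""
        mac, sep, payload = cookie.partition("@")
        expires, sep2, user = payload.partition("@")
        if not (sep and sep2 and user):
            return None  # malformed
        # Verify the signature before trusting any field of the payload.
        if not hmac.compare_digest(mac.encode(), self._mac(payload).encode()):
            return None  # tampered, or signed with a key this node lacks
        if int(expires) < (time.time() if now is None else now):
            return None  # expired
        return user


def simulate(nodes, user, requests, sticky):
    """Log in on nodes[0], then route follow-up requests sticky or round-robin."""
    cookie = nodes[0].issue_cookie(user)
    results = []
    for i in range(requests):
        node = nodes[0] if sticky else nodes[i % len(nodes)]
        results.append((node.name, node.authenticate(cookie)))
    return results
```

With independent keys, round-robin routing rejects every request that reaches the second node; passing the same `key` to every `Node` makes the cookie verifiable everywhere, which removes the need for stickiness in this model.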