Dec 10, 2010

Dual server site affinity at the GTM level

I have an interesting requirement for 'bonded server' site affinity at the GTM response level.

The flow spec is as follows:

1. Client requests service via https://Service

2. If the client is not authenticated, they are redirected to https://ServiceAuth

3. The https://ServiceAuth server requests and validates the user's credential and then redirects the web client back to the https://Service server with a reference to a federated credential (i.e. a SAML token).

What we see in the server logs is that authentication fails if the web client is not redirected back after authentication to the https://Service server in the same site as the https://ServiceAuth server. This is because the https://Service server cannot retrieve the SAML token, as it does not know of the https://ServiceAuth server in the other site.

Topology-wise I have 2 DCs, each with a GTM (e.g. NS1 and NS2) and identical WideIPs.

I do not use cross-site pooling; pools remain local to the datacentre.
How do I ensure that the Service VIP and the Authentication VIP for the same service always have an affinity relationship at the GTM level?

  • I'm not sure how to handle that in GTM, but you could at the LTM layer insert a site-specific cookie on the response and redirect upon further requests if sent to the wrong site. Anyone else?
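The following is an added example of the LTM-layer approach the reply sketches; it is not code posted by anyone in the thread. It is an iRule meant to be attached to both the Service and the ServiceAuth virtual servers in each data centre. All names in it are assumptions: the local site is called "DC1" and the peer "DC2", the cookie is "X-Site", and each site is assumed to have its own hostname (service-dc1.example.com / service-dc2.example.com) whose A record points only at that site's VIP, so a redirect to it bypasses the GTM WideIP decision. Both hostnames are assumed to share the parent domain example.com so one cookie reaches either.

```tcl
# Added example, not from the thread. Hypothetical names throughout:
# local site "DC1", peer "DC2", cookie "X-Site", per-site hostnames
# service-dc1.example.com / service-dc2.example.com under example.com.
# Deploy the same rule in DC2 with static::local_site set to "DC2".

when RULE_INIT {
    set static::local_site  "DC1"
    set static::site_cookie "X-Site"
}

when HTTP_REQUEST {
    # Which site, if any, has this client already been bonded to?
    set bonded_site [HTTP::cookie value $static::site_cookie]

    if { $bonded_site eq "" || $bonded_site eq $static::local_site } {
        # No bond yet, or already at the right site: serve locally.
        # HTTP_RESPONSE stamps the cookie if it is missing.
        return
    }

    # The cookie value is client-controlled, so only redirect to a host
    # from this fixed list. Anything else is treated as "no bond" and the
    # response below overwrites the bogus cookie with this site's value.
    switch -- $bonded_site {
        "DC1"   { set target "service-dc1.example.com" }
        "DC2"   { set target "service-dc2.example.com" }
        default { set bonded_site ""; return }
    }

    # Send the client to the site it was bonded to, keeping path and query
    # so the post-authentication redirect (with its SAML reference) lands intact.
    HTTP::redirect "https://${target}[HTTP::uri]"
}

when HTTP_RESPONSE {
    # Bond the client to this site on the first response it sees from here.
    # Domain-scoped so the WideIP name and both site hostnames carry it;
    # Secure and HttpOnly because the whole flow is HTTPS.
    if { $bonded_site eq "" } {
        HTTP::header insert "Set-Cookie" \
            "${static::site_cookie}=${static::local_site}; Domain=example.com; Path=/; Secure; HttpOnly"
    }
}
```

Two caveats a practitioner would want before using something like this. First, the bond lives only at the HTTP layer: the GTMs keep answering DNS independently, so the rule corrects the routing after the fact with an extra round trip rather than preventing the cross-site answer. Second, a client bonded to a site whose VIP later goes down will keep being redirected there until the cookie is cleared, so the rule needs either a short cookie lifetime or logic that drops the bond when the peer site is known to be unavailable.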