Dual server site affinity at the GTM level
I have an interesting requirement for 'bonded server' site affinity at the GTM response level.
The flow spec is as follows:
1. Client requests service via https://Service
2. If the client is not authenticated, they are redirected to https://serviceAuth
3. The https://ServiceAuth server requests and validates the user's credential and then redirects the web client back to the https://Service server with a reference to a federated credential (i.e. SAML token).
What we see in the server logs is that authentication fails if the web client is not redirected back after authentication to the https://Service server in the same site as the https://ServiceAuth server. This is because the https://Service server cannot retrieve the SAML token as it does not know of the https://ServiceAuth server in the other site.
Topology-wise, I have 2 DCs, each with a GTM (e.g., NS1 and NS2) and identical WideIPs.
I do not use cross-site pooling; pools remain local to the datacentre.
How do I ensure that the Service VIP and the Authentication VIP for the same service always have an affinity relationship at the GTM level?