F5 in front of a Shibboleth-authorized application

Question

This is real shot-in-the-dark time. 
&nbsp;  
&nbsp; I'm trying to put the F5 LTM in front of a Shibboleth-authorized application.  There seems to be some sort of gotcha here which I have not figured out -- it works fine if there is only one server but the user web browser gets lost when there are two back-end servers.   
&nbsp;  
&nbsp; I can find plenty of references on the Google to putting a Shibboleth server behind the F5, but nothing about putting a service which uses Shibboleth authentication behind an F5, or other load balancer. 
&nbsp;  
&nbsp; Anyone done this, any thoughts about what has to be done differently?  Is something mangling my persistence cookies?   
&nbsp;  
&nbsp; Puzzledly yours...

hoolio · Answer

Hi Ken, 
&nbsp;  
&nbsp; Do you have persistence configured on the VIP?  This would ensure the same client is sent to the same pool member over the duration of their session.  You could try cookie insert or less ideally source address persistence to start with. 
&nbsp;  
&nbsp; Aaron

Forum Discussion

F5 in front of a Shibboleth-authorized application

Recent Discussions

Help needed with iRule (connection closed log )

AS3 Limitations

Use of SSL Decryption.

VLAN Failsafe Functionality

FTP PASV mode to Extended Passive mode

Related Content

VIPTest: Rapid Application Testing for F5 Environments

Application Programming Interface (API) Authentication types simplified

Understanding Modern Application Architecture - Part 1

Customer Edge Site High Availability for Application Delivery - Reference Architecture

Securing Applications using mTLS Supported by F5 Distributed Cloud

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS