Description:
I set up SAML authentication for our demo system; all worked fine to the point where I hit an issue that sometimes the SAML authentication seems not to work.
I could debug this to the point where it seems that load balancing without stickiness is an issue.
So if SAML-RequestA is created on BackendServer1, but BackendServer2 receives the answer, it doesn't know anything about this and prohibits the user from logging in.
This can be easily reproduced: if I enable session stickiness on the load balancer, the SAML authentication works, because the requests go to one backend system only.
Server Setup Information:
- Version of Rocket.Chat Server: 0.63.1
- Operating System: Ubuntu Server 16.04 LTS
- Deployment Method(snap/docker/tar/etc): docker
- Number of Running Instances: 3
- DB Replicaset Oplog: Yes
- Node Version: v8.9.3
- mongoDB Version: 3.6.3
Steps to Reproduce:
- Enable SAML on your system
- Try to log in without session stickiness through a load balancer
- Maybe it works, maybe not, depending on the load balancing ;). If the requests are balanced between multiple backend servers, the logon is not possible
Expected behavior:
SAML sessions should be shared between all backend-instances
Actual behavior:
It seems that SAML sessions / login requests are not shared in the backend.
Relevant logs:
2018-04-12T15:35:57.654136892Z SAMLProvidername
2018-04-12T15:35:58.662647819Z { actionName: 'validate',
2018-04-12T15:35:58.662686890Z serviceName: 'samlprovidername',
2018-04-12T15:35:58.662695098Z credentialToken: undefined }
....
2018-04-12T15:36:05.667566925Z RESULT :undefined
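The failure mode described in this report, as an added simulation that is not Rocket.Chat code: each backend remembers the AuthnRequest IDs it issued so it can check the IdP response's InResponseTo. When that memory is per-instance, a response routed by the load balancer to a different instance is rejected; the fix is to keep the pending-request state in a store all instances share (a plain dict stands in for MongoDB/Redis here), not to drop the InResponseTo check, which also blocks unsolicited or replayed responses.

```python
import secrets
import time


class Backend:
    """One app instance. shared_store=None means request state lives only in local memory."""

    def __init__(self, name, shared_store=None):
        self.name = name
        self.local = {}               # request_id -> expiry, visible to this instance only
        self.shared = shared_store    # dict standing in for a shared DB/cache (assumption)

    def _store(self):
        return self.shared if self.shared is not None else self.local

    def create_authn_request(self, ttl=300):
        # The ID the SP puts in the AuthnRequest; the IdP echoes it back as InResponseTo.
        request_id = "_" + secrets.token_hex(16)
        self._store()[request_id] = time.time() + ttl
        return request_id

    def validate_response(self, in_response_to):
        # pop() makes the request single-use, so a replayed response is rejected.
        expiry = self._store().pop(in_response_to, None)
        if expiry is None:
            return False              # unknown request: this instance never issued it
        return time.time() <= expiry  # reject stale requests as well


def login_round_trip(issuer, receiver):
    """Redirect to the IdP handled by `issuer`; the IdP's POST lands on `receiver`."""
    request_id = issuer.create_authn_request()
    return receiver.validate_response(request_id)


def demo():
    b1, b2 = Backend("backend1"), Backend("backend2")      # local-only state
    shared = {}
    s1, s2 = Backend("backend1", shared), Backend("backend2", shared)
    return {
        "sticky_local": login_round_trip(b1, b1),       # same instance: works
        "unsticky_local": login_round_trip(b1, b2),     # the reported bug: rejected
        "unsticky_shared": login_round_trip(s1, s2),    # shared state: works
    }


def replay_rejected():
    shared = {}
    s1, s2 = Backend("backend1", shared), Backend("backend2", shared)
    request_id = s1.create_authn_request()
    first, second = s2.validate_response(request_id), s1.validate_response(request_id)
    return first and not second
```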
