I have a set of micro services and we use zuul for routing from the front end as a way of mapping a uri context path to a specific micro service using spring cloud.
Internally and externally we use spring OAuth2 and that works quite well.
However, for one specific service there has arisen a requirement for SAML and this imposes a sticky sessions requirement for that service.
Has another considered this and what would eb the correct way to put in sticky session support for zuul.
As a work around until I figure this out, I am routing some requests form the HAProxy that we have on the front end directly to this service.
I assume if you need sticky sessions that you have multiple backends, so you must be using the Ribbon filter. Sticky sessions could be added as an IRule, e.g.
@RibbonClient(value="myui", configuration=UiRibbonConfiguration.class)
public class UiRibbonConfiguration {
@Bean
public IRule loadBalancerRule() {
return new MyStickySessionRule();
}
}
plus a ZuulFilter (or a servlet Filter in your backend) that adds a cookie for correlation - each backend instance has to uniquely identify itself, and then in the MyStickySessionRule you have to look at the incoming cookie to decide which instance to send the request to (e.g. you could send the "X-Application-Context" header value as a cookie if the backend is a Spring Boot app).
N.B. if you can use Spring Session in the backend you won't need sticky sessions.