I'm looking at implementing an OpenID provider ('OP') using Java + Tomcat/JBoss.
Now one of the key things about OpenID is that
A subject I've not been able to find any documentation on is the question of how to correctly implement this in a load-balanced situation.
The generic issue I fear is that the RP connects to the OP and ends up on a different application server than the user.
My questions:
Thanks.
> The generic issue I fear is that the RP connects to the OP and ends up on a different application server than the user.
Save the conversation state in a shared storage. That is, a database or a distributed cache. A cache would be faster, and you don't need much persistence anyway.
Load-balancing with sticky sessions (all subsequent requests from the same client come to the same server) would reduce the number of cache updates.
(Clustered HTTP sessions that I intended to advise initially wouldn't work, as the same conversation is spread between two sessions: the user's and the application's.)
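
The shared-storage approach from the answer above, as an added example that is not part of the original answer: conversation state is keyed by a handle rather than by an HTTP session, so the node that receives the RP's request can find what the node serving the user stored. The class and method names, the in-memory map standing in for the distributed cache, the TTL, and the single-use removal are all assumptions of this sketch.

```java
import java.time.Instant;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

/** Conversation state kept outside any HTTP session, keyed by a handle that
 *  both the user's request and the RP's request carry. Hypothetical names. */
public class SharedConversationStore {

    /** Signing key issued for one conversation, plus its expiry time. */
    record Conversation(byte[] macKey, Instant expiresAt) {}

    // Stand-in for the shared backend (distributed cache or database table).
    // In a real cluster every node talks to the same remote store instead.
    private final Map<String, Conversation> backend;

    SharedConversationStore(Map<String, Conversation> backend) {
        this.backend = backend;
    }

    /** Called on the node that served the user's browser request. */
    void save(String handle, byte[] macKey, long ttlSeconds) {
        Instant expiry = Instant.now().plusSeconds(ttlSeconds);
        backend.put(handle, new Conversation(macKey.clone(), expiry));
    }

    /** Called on whichever node receives the RP's request. The entry is
     *  removed atomically, so a handle is honoured at most once. */
    byte[] consume(String handle) {
        Conversation c = backend.remove(handle);
        if (c == null || Instant.now().isAfter(c.expiresAt())) {
            return null; // unknown, already used, or expired
        }
        return c.macKey();
    }

    public static void main(String[] args) {
        // Two "nodes" sharing one backend; handle and key are constructed samples.
        Map<String, Conversation> shared = new ConcurrentHashMap<>();
        SharedConversationStore nodeA = new SharedConversationStore(shared);
        SharedConversationStore nodeB = new SharedConversationStore(shared);

        nodeA.save("handle-123", new byte[] {1, 2, 3}, 60);
        System.out.println("node B finds state: " + (nodeB.consume("handle-123") != null));
        System.out.println("replay rejected:    " + (nodeA.consume("handle-123") == null));
    }
}
```

With a real distributed cache the remove-and-return step needs to be atomic on the cache side as well, otherwise two nodes can both accept the same handle.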