
How to use a shared session cache for load balanced SPs

For load balanced servers, a shared session cache helps prevent end users from seeing the Shibboleth authentication screen multiple times while they navigate a website. The instructions below demonstrate how to set up a shared session cache using MySQL and Shibboleth v2.

  1. Ensure that these software packages are installed on your server:
    mysql-client
    libmyodbc
  2. Create a MySQL database with the following schema. You can create the database yourself locally on your own server or use IT Service's MySQL Database Hosting service.
    -- Schema version marker
    CREATE TABLE version (
        major int NOT NULL,
        minor int NOT NULL
        ) ENGINE=InnoDB;
    
    -- Short values (up to 255 characters)
    CREATE TABLE strings (
        context varchar(255) not null,
        id varchar(255) not null,
        expires datetime not null,
        version smallint not null,
        value varchar(255) not null,
        PRIMARY KEY (context, id)
        ) ENGINE=InnoDB;
    
    -- Long values
    CREATE TABLE texts (
        context varchar(255) not null,
        id varchar(255) not null,
        expires datetime not null,
        version smallint not null,
        value text not null,
        PRIMARY KEY (context, id)
        ) ENGINE=InnoDB;
    Now initialize the version table:
    insert into version values (1,0);
  3. Update your shibboleth2.xml file to use your newly created database as the session cache. Be sure to comment out the default session values when you set this up.

    Add the ODBC extension library to the OutOfProcess section:
        <OutOfProcess logger="shibd.logger">
            <Extensions>
                <Library path="odbc-store.so" fatal="true"/>
            </Extensions>
        </OutOfProcess>

    Use this session cache, substituting in the correct database parameters for SERVER, DATABASE, USER, and PASSWORD:
        <StorageService type="ODBC" id="mysql" cleanupInterval="900">
            <ConnectionString>
            DRIVER=MySQL;SERVER=mysql-apps.stanford.edu;DATABASE=s_shib_testsp;USER=s_shib_testsp;PASSWORD=**********
            </ConnectionString>
        </StorageService>

        <SessionCache type="StorageService" cacheTimeout="28000" StorageService="mysql" />
        <ReplayCache StorageService="mysql"/>
        <ArtifactMap StorageService="mysql" artifactTTL="180"/>
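A consistency check for the finished shibboleth2.xml, as an added example that is not part of the original instructions: it confirms that odbc-store.so is loaded and that SessionCache, ReplayCache and ArtifactMap all point at an ODBC StorageService, and it flags a world-readable file, since the connection string holds the database password. The sample document, its host name and the function names are constructed for illustration.

```python
import os
import stat
import xml.etree.ElementTree as ET

# Constructed sample mirroring the fragments above; host, names and password are placeholders.
SAMPLE = """<SPConfig xmlns="urn:mace:shibboleth:2.0:native:sp:config">
  <OutOfProcess logger="shibd.logger">
    <Extensions><Library path="odbc-store.so" fatal="true"/></Extensions>
  </OutOfProcess>
  <StorageService type="ODBC" id="mysql" cleanupInterval="900">
    <ConnectionString>DRIVER=MySQL;SERVER=db.example.org;DATABASE=d;USER=u;PASSWORD=x</ConnectionString>
  </StorageService>
  <SessionCache type="StorageService" cacheTimeout="28000" StorageService="mysql"/>
  <ReplayCache StorageService="mysql"/>
  <ArtifactMap StorageService="mysql" artifactTTL="180"/>
</SPConfig>"""

def local(tag):
    """Strip the XML namespace so the check works with or without xmlns."""
    return tag.rsplit("}", 1)[-1]

def check_config(xml_text):
    """Return a list of findings; an empty list means every cache uses the ODBC store."""
    root = ET.fromstring(xml_text)  # commented-out defaults are ignored by the parser
    elems = [(local(e.tag), e) for e in root.iter()]
    findings = []
    if not any(n == "Library" and e.get("path", "").endswith("odbc-store.so") for n, e in elems):
        findings.append("odbc-store.so extension is not loaded")
    odbc_ids = {e.get("id") for n, e in elems if n == "StorageService" and e.get("type") == "ODBC"}
    if not odbc_ids:
        findings.append("no StorageService of type ODBC is defined")
    for name in ("SessionCache", "ReplayCache", "ArtifactMap"):
        refs = [e.get("StorageService") for n, e in elems if n == name]
        if not refs:
            findings.append(f"{name} element not found")
        elif any(r not in odbc_ids for r in refs):
            findings.append(f"{name} does not reference an ODBC StorageService")
    return findings

def check_permissions(path):
    """Flag a config file readable by 'other': it holds the database password."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return [f"{path} is world-readable (mode {mode:o})"] if mode & stat.S_IROTH else []

if __name__ == "__main__":
    for finding in check_config(SAMPLE):
        print("FINDING:", finding)
```

Run both checks on every node behind the load balancer: a node whose ReplayCache or SessionCache is not on the shared store keeps that state to itself.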
Last modified November 20, 2012