Deployment on Web Farm with Redis


I have a question about deploying our ASP.NET MVC application with SP-initiated SSO to a web farm where we use Redis for synchronization. I read about HttpSSOSessionStore which is supposed to allow storing SSO Session in ASP.NET Session.

There isn’t much information in the Developer Guide, only this line of code:
SAMLController.SSOSessionStore = new HttpSSOSessionStore();

Could you please provide me with some more info? Where to put this line of code? Do I need to call this HttpSSOSessionStore somewhere in the code? There are some methods on this class like Save() and Load() - when do I call them (if there is need for it)? Or better, if there is any code example demonstrating this HttpSSOSessionStore.

Thank you very much in advance.

You need to implement the ISSOSessionStore interface under the ComponentSpace.SAML2.Data namespace.
The best way to do this is to extend the AbstractSSOSessionStore class and implement the Load, Save and Delete methods.
This class includes Serialize and Deserialize helper methods to serialize session objects to byte arrays and deserialize byte arrays to session objects.
Your implementation of the Load method would presumably retrieve the session object byte array from Redis and call Deserialize.
Similarly, Save would call Serialize and then save the session object byte array to Redis.
The CreateSessionIDForType method creates a unique key from the session ID and session object type.
This can be used as the key into Redis.
You register your ISSOSessionStore implementation by setting the SAMLController.SSOSessionStore property.
For example:
SAMLController.SSOSessionStore = new RedisSSOSessionStore();
This should be done once at application start-up.
The Load and Save methods are called by the SAML API implementation at the appropriate times. You don’t call these methods.
Feel free to reply if you have any other questions.


thank you very much for the answer. It’s very helpful.

Kind regards

You’re welcome.