SAML Session in web farm scenario and using redis distributed cache


We are using Asp .net 4.7.2 and component space SAML v3.5 for ASP .Net. We have our webforms based application deployed in a web farm environment (2 VMs with a load balancer). We are seeing Saml assertion handler is trying to verify -InResponseTo flag on the SP (Recieve SSO) call from IdP and failing on subsequent login requests. Referenced to this post: and we are facing the same problem

I understand that we have to implement the DB session store and can overcome this based on your documentation. We are also using Redis distributed cache in our application. Can I use the Redis cache to store the SAML session for my application? I found reference for Redis cache in Component space documentation for .Net core applications but not Asp.Net web forms based application… Please advise? Any references or examples would help us.


Redis can also be used as a central repository of SAML session state information.

You need to implement the ISSOSessionStore interface by extending the AbstractSSOSessionStore class. These are under the ComponentSpace.SAML2.Data namespace. The Load, Save and Delete methods need to be implemented. There are Serialize and Deserialize helper methods for converting SAML session objects to and from byte arrays. The CreateSessionIDForType method returns a unique session key that may be used as the index when storing/retrieving SAML session data.

You register your implementation at application start-up by settings the SAMLController.SSOSessionStore property.