Our environment is AKS containers behind an nginx controller, with nginx configured for cookie-based session affinity. In the ASP.NET application, sessionState is enabled and uses "InProc".

The problem that we are seeing is that when a new request comes in, an affinity cookie is created, but then, when I call InitiateSSO, the response is often received by one of the other container instances, and we get an error as follows:

An SP-initiated SAML response from http://wherever/adfs/services/trust was received unexpectedly.

No such issues in IP-initiated, thankfully.

So I'm looking to find out if there is some config I can use to instruct ComponentSpace to forward along the affinity cookie during the SP-initiated flow, so that the SAML response will end up routing back to the same ASP.NET application that initiated the request, or something like that.

Or, and I fear this might be the case, do I need to move to an out-of-process SAML session state storage scheme like DatabaseSSOSessionStore, in order to support stateless containers?

Thanks,
Roger