Session concurrency issue with SAML + OpenID Connect flow
Our LemonLDAP SP uses Redis as a session cache database. The authentication mode is IdP-initiated SSO.
When two threads of JMeter attempt to authenticate, the Apache log file records this trace:
{code}
[:error] [pid 31314] Magic number checking on storable string failed at /usr/lib64/perl5/vendor_perl/Storable.pm line 418, at /usr/share/perl5/vendor_perl/Apache/Session/Serialize/Base64.pm line 28.\n
{code}
Line 28 of Base64.pm corresponds to the base64 decoding:
{code:perl}
my $data = thaw(decode_base64($session->{serialized}));
{code}
Indeed, sessions stored in Redis are base64 encoded.
We do not encounter this problem when we run the test with a single thread.
Does this mean that the Base64.pm method isn’t thread-safe?
Here is the session cache configuration in lemonldap-ng.ini:
{code}
globalStorage = Apache::Session::Browseable::Redis
globalStorageOptions = { sentinels => ['55.10.211.174:26379', '55.10.211.175:26379', '55.10.211.176:26379'], service => 'mymaster', 'generateModule' => 'Lemonldap::NG::Common::Apache::Session::Generate::SHA256', }
{code}