"InResponseTo is not valid" error thrown when using connect-memcached as the session store shared with multiple servers and a load balancer with no sticky

[mileacolaco]

Hi,

Our application is using passport-saml 1.0.0 for our SSO login and we are currently facing an issue when using multiple node servers having a load balancer (with no sticky session) and a central memcached session store shared by the multiple servers.

We have the validateInResponseTo option of the passport-saml config set to true.

Following error is thrown on the nodeJs console logs
Error: InResponseTo is not valid

According to the passport-saml documentation, for multiple server/process scenarios we need to provide an implementation for a cache provider by providing an object with the get, set and remove functions.
Since we are using "connect-memcached" node module for the session store, the get / set functions for the cache provider object throws error, as the "connect-memcached" expects session variables which is not available at the time of initializing our saml strategy.

Is there any example of implementation of the cache provider that can be provided for "connect-memcached".

Note: We have tried upgrading passport-saml to 1.1.0 as well as 1.2.0, but the issue still persists.
Also tried setting the acceptedClockSkewMs to a higher number to be sure that there is no issue with the server timings. The error was still logged.

[markstos]

Sorry, there is volunteer bandwidth for support requests. You can try StackOverflow with the passport-saml tag. If you can reproduce this is a bug in passport-saml and not in your environment or configuration, please re-open .