Venafi / terraform-provider-venafi

HashiCorp Terraform provider that uses Venafi to streamline machine identity (certificate and key) acquisition.
https://www.terraform.io/docs/providers/venafi/
Mozilla Public License 2.0

Multiple TPP Backend Servers Behind ALB is Failing #15

Open mfortin opened 4 years ago

mfortin commented 4 years ago

PROBLEM SUMMARY

Using the provider with a TPP endpoint that has multiple backends behind an AWS ALB fails as the stickiness is not observed.

STEPS TO REPRODUCE

Authorize yourself.

Make multiple calls:

curl -X POST "https://venafi.endpoint/vedsdk/certificates/CheckPolicy" -H "accept: application/json" -H "X-Venafi-API-Key: <API Key>" -H "Content-Type: application/json" -d "{ \"PolicyDN\": \"\\\\VED\\\\Policy\\\\SecOps\"}"

EXPECTED RESULTS

I am expecting the request to succeed every time.

ACTUAL RESULTS

Some requests will succeed, others will fail, depending on which backend you reach.

ENVIRONMENT DETAILS

COMMENTS/WORKAROUNDS

Getting a cookie for the session would solve the issue.

tr1ck3r commented 4 years ago

@mfortin this is currently the expected behavior if the load balancer in front of your TPP WebSDK drivers is not configured to use source IP address affinity (or the load balancer is not able to ascertain unique source IP addresses for clients). In Q3 we are planning to transition the provider from using the now deprecated API key to using token-based authentication and that will eliminate the dependency on sticky sessions.
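Added example, not part of the thread and not the provider's code: a Go simulation of the failure mode discussed above, where an API key is honoured only by the backend that issued it, comparing a client that drops the balancer's affinity cookie with one that keeps a cookie jar. The balancer, the `LB` cookie name, and the `/authorize` and `/check` paths are constructed for illustration; only the `X-Venafi-API-Key` header comes from the issue.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/cookiejar"
	"net/http/httptest"
	"sync/atomic"
)

// newLB: constructed cookie-sticky balancer (not TPP/ALB code); "LB" and both paths are hypothetical.
func newLB(n int) *httptest.Server {
	var next int64
	return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		backend := int(atomic.AddInt64(&next, 1)-1) % n // default: round-robin
		if c, err := r.Cookie("LB"); err == nil {
			fmt.Sscanf(c.Value, "%d", &backend) // affinity cookie pins the backend
		}
		http.SetCookie(w, &http.Cookie{Name: "LB", Value: fmt.Sprint(backend), Path: "/"})
		if r.URL.Path == "/authorize" {
			fmt.Fprintf(w, "key-%d", backend) // key is known only to this backend
		} else if r.Header.Get("X-Venafi-API-Key") != fmt.Sprintf("key-%d", backend) {
			w.WriteHeader(http.StatusUnauthorized)
		}
	}))
}

// failedCalls authorizes once, sends `calls` API requests, and counts rejections.
func failedCalls(withJar bool, calls int) (failed int) {
	lb := newLB(2)
	defer lb.Close()
	client := &http.Client{}
	if withJar {
		client.Jar, _ = cookiejar.New(nil) // keep and replay the affinity cookie
	}
	key := ""
	if resp, err := client.Get(lb.URL + "/authorize"); err == nil {
		fmt.Fscan(resp.Body, &key)
		resp.Body.Close()
	}
	for i := 0; i < calls; i++ {
		req, _ := http.NewRequest("POST", lb.URL+"/check", nil)
		req.Header.Set("X-Venafi-API-Key", key)
		if resp, err := client.Do(req); err != nil || resp.Body.Close() != nil || resp.StatusCode != http.StatusOK {
			failed++
		}
	}
	return failed
}
func main() { fmt.Println("no jar:", failedCalls(false, 4), "jar:", failedCalls(true, 4)) }
```

With two backends, the client without a jar is rejected on every call that lands on the backend that did not issue the key, while the client with a jar stays pinned and is never rejected.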