vouch / vouch-proxy

an SSO and OAuth / OIDC login solution for Nginx using the auth_request module
MIT License

Two Instances of Vouch #562

Closed normelton closed 4 months ago

normelton commented 4 months ago

Running the latest versions of Vouch and nginx (from hub.docker.com), with Azure AD authentication.

Our environment has two Nginx proxies (nginx-00 / nginx-01), each running Vouch (vouch-00 / vouch-01). Traffic is load balanced across both proxies.

When a user's browser bounces between nginx-00 and nginx-01, they have to establish a new session. The Vouch debug shows "signature is invalid". This makes sense since the cookie was created by a different instance of Vouch.

I found a related issue (#503) where the suggestion was to establish different cookies for each of the Vouch instances. This would still require establishing two sessions with Azure AD.

Is there any way for one Vouch instance to be able to validate cookies from a second Vouch instance? Some sort of secret configured identically?

bnfinet commented 4 months ago

Yes, you'll want to give them the same secret

https://github.com/vouch/vouch-proxy/blob/master/config/config.yml_example#L96

normelton commented 4 months ago

Brilliant thanks
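
The behaviour discussed in this thread, as an added example that is not part of the original issue or the Vouch Proxy code base: a session token signed by one instance only verifies on another instance when both hold the same signing secret. It assumes an HS256 (HMAC-SHA256) signed JWT as a simplified stand-in for the Vouch cookie; the function names, claims and secrets are constructed for illustration.

```python
import base64
import hashlib
import hmac
import json
import secrets


def b64url(data: bytes) -> str:
    """Unpadded URL-safe base64, as used for JWT segments."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def sign(claims: dict, secret: bytes) -> str:
    """Issue a compact HS256 JWT (assumed stand-in for the session cookie)."""
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url(json.dumps(claims).encode())
    mac = hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256)
    return f"{header}.{payload}.{b64url(mac.digest())}"


def verify(token: str, secret: bytes) -> bool:
    """Recompute the HMAC with this instance's secret; constant-time compare."""
    parts = token.split(".")
    if len(parts) != 3:
        return False  # malformed token, reject before any crypto
    header, payload, sig = parts
    mac = hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256)
    return hmac.compare_digest(b64url(mac.digest()).encode(), sig.encode())


def scenario(secret_00: bytes, secret_01: bytes) -> dict:
    """vouch-00 issues the cookie; both instances then try to validate it."""
    cookie = sign({"username": "user@example.com"}, secret_00)  # constructed claim
    return {"vouch-00": verify(cookie, secret_00),
            "vouch-01": verify(cookie, secret_01)}


# Case 1: each instance generated its own secret at startup.
separate = scenario(secrets.token_bytes(33), secrets.token_bytes(33))

# Case 2: one random secret generated once and configured on both instances.
shared_secret = secrets.token_urlsafe(33).encode()
shared = scenario(shared_secret, shared_secret)

if __name__ == "__main__":
    print("separate secrets:", separate)  # vouch-01 rejects: signature is invalid
    print("shared secret:   ", shared)    # both instances accept the cookie
```

In Vouch Proxy the corresponding setting is the `jwt.secret` value under `vouch` in `config.yml` (or the `VOUCH_JWT_SECRET` environment variable). Anyone holding that value can mint valid sessions, so distribute it to both instances through a secret store rather than committing it to the config repository.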