I am trying to use SAML failover. I have set up an external (OpenDJ) CTS and have enabled SAML failover. I have two OpenAM instances behind a load balancer, both connecting to the same OpenDJ.
When I log in to OpenAM with a SAML assertion with a SAMLId of, e.g., 6388b327-58b5-4c85-99f3-5c050bfa76c4, I find it is saved in the CTS with a coreTokenId of 36333838623332372d353862352d346338352d393966332d356330353062666137366334. This is the hex version of the SamlId.
However, when I log in with the same SAML assertion on the second OpenAM instance, OpenAM reads the CTS with the samlId, without converting it to hex. It can therefore not find it in the CTS and will allow the login.
To be able to keep working I changed (in a local copy) in SAML2CTSPersistentStore.retrieveSAML2Token: