Enable Session Affinity using Contour

Article ID: 297901

Products

VMware Tanzu Application Service for VMs

Issue/Introduction

After a customer scales the developer portal from 1 to 2 or more instances, they may encounter an OIDC session persistence issue when attempting to log in to the TAP GUI.
 
Login failed; caused by Error: Authentication failed, did not find expected authorization request details in session, req.session["oidc:sso:xxx-xxx-xxx.net"] is undefined
 
tap_gui:
  deployment:
    replicas: 2
    containerResources:
      requests:
        cpu: 1
        memory: 2Gi
      limits:
        cpu: 1
        memory: 3Gi


Environment

Product Version: 1.5

Resolution

This issue is resolved in TAP v1.7.4. The DB session store was added in v0.18.3 of the plugin, in Backstage 1.14. If the customer is unable to upgrade, they can work around this issue by enabling Contour’s Session Affinity feature.

Session affinity, also known as sticky sessions, is a load-balancing strategy whereby a sequence of requests from a single client is consistently routed to the same application backend. Contour supports session affinity on a per-route basis by setting loadBalancerPolicy to strategy: Cookie.

Overlay file:
#@ load("@ytt:overlay", "overlay")
#@overlay/match by=overlay.subset({"kind":"Deployment","metadata":{"name":"server"}})
---
spec:
  #@overlay/match missing_ok=True
  replicas: 3
  template:
    spec:
      containers:
      #@overlay/match by="name"
      - name: backstage
        #@overlay/match missing_ok=True
        resources:
          limits:
            cpu: 1
            memory: 1Gi
          requests:
            cpu: 1
            memory: 1Gi

#@overlay/match by=overlay.subset({"kind":"HTTPProxy","metadata":{"name":"tap-gui"}})
---
spec:
  routes:
  #@overlay/match by=overlay.subset({"services": [{"name": "server"}]})
  - services: []
    #@overlay/match missing_ok=True
    loadBalancerPolicy:
      strategy: Cookie
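
Why the login breaks at two replicas and why the Cookie strategy works around it, shown as an added Python model that is not code from VMware, Contour or Backstage. The Replica class, the login function and the assumption that each replica keeps its sessions in local memory are illustrative.

```python
# Added illustration, not VMware, Contour or Backstage code: a toy model of an
# OIDC login across portal replicas that keep sessions in local memory.
import itertools
import secrets


class Replica:
    """One portal instance with an in-memory session store (hypothetical)."""

    def __init__(self):
        self.sessions = {}  # session id -> session data, local to this replica

    def start_login(self, sid):
        # Save the authorization request state before redirecting to the IdP.
        state = secrets.token_urlsafe(16)
        self.sessions.setdefault(sid, {})["oidc:sso"] = {"state": state}
        return state

    def callback(self, sid, state):
        # The IdP redirects back; the saved state must exist and match.
        saved = self.sessions.get(sid, {}).get("oidc:sso")
        if saved is None:
            return "failed: authorization request details not in session"
        if not secrets.compare_digest(saved["state"], state):
            return "failed: state mismatch"
        return "ok"


def login(replicas, sticky):
    """Run one login through a round-robin or cookie-affinity balancer."""
    rr = itertools.cycle(replicas)
    browser = {"sid": secrets.token_hex(8)}  # constructed browser cookie jar

    def route():
        if sticky and "affinity" in browser:
            return replicas[browser["affinity"]]  # cookie pins the backend
        backend = next(rr)
        if sticky:
            browser["affinity"] = replicas.index(backend)  # set on first response
        return backend

    state = route().start_login(browser["sid"])
    return route().callback(browser["sid"], state)


if __name__ == "__main__":
    for sticky in (False, True):
        pool = [Replica(), Replica()]
        print("cookie affinity" if sticky else "round robin", "->", login(pool, sticky))
```

In this model the affinity cookie only helps while the pinned replica keeps its memory; a restart of that replica loses the pending login just as round-robin routing does.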