
According to the installation guidelines, the X509 adapter requires a secondary HTTPS port to be specified. Could someone explain why it is required?

In case PingFed is behind a load balancer, should the secondary port be configured in the LB too? Does it require sticky sessions, or can a round-robin strategy be used?

Thanks in advance

shatl

1 Answer


The secondary HTTPS listener is required to be used so that PF will only challenge the client for their X509 certificate when PF needs to authenticate a user using the X509 Adapter. If you were to make the specified configuration change on the primary HTTPS listener, then ALL client requests to PF (including protocol messages) would be required to present a valid client certificate for the transaction to proceed (hence the change "NeedClientAuth=true").

If PF is behind a LB you'll need to add the secondary HTTPS port to your configuration. However, it doesn't matter to PF & the X509 Kit if you have a sticky or a round-robin configuration.

Ian
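The two-listener point in the answer can be shown in working code. The Go program below is an added example, not code from the answer or from PingFederate: it starts two loopback TLS listeners with in-memory self-signed certificates, a "primary" one that never asks for a client certificate and a "secondary" one configured with Go's RequireAndVerifyClientCert, which plays the role of the NeedClientAuth=true setting the answer mentions. The hostname pf.example.test, the user name jdoe and the single shared trust pool are constructed for the demo; run() returns true, false, true, meaning a certless client completes the handshake on the primary listener, is refused on the secondary, and succeeds on the secondary once it presents a trusted certificate.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)
// selfSigned builds an in-memory self-signed cert for name (constructed demo data, not a PF key pair) and adds it to trust.
func selfSigned(name string, trust *x509.CertPool) tls.Certificate {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: name},
		DNSNames: []string{name}, NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	leaf, _ := x509.ParseCertificate(der)
	trust.AddCert(leaf)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}
}

// listen starts a loopback TLS listener with the given client-auth policy; accepted connections are only handshaken.
func listen(cert tls.Certificate, clientCAs *x509.CertPool, policy tls.ClientAuthType) string {
	ln, _ := tls.Listen("tcp", "127.0.0.1:0", &tls.Config{Certificates: []tls.Certificate{cert}, ClientAuth: policy, ClientCAs: clientCAs})
	go func() {
		for c, err := ln.Accept(); err == nil; c, err = ln.Accept() {
			go func(c *tls.Conn) { c.Handshake(); c.Close() }(c.(*tls.Conn))
		}
	}()
	return ln.Addr().String()
}

// handshakeOK reports whether a client offering certs (possibly none) completes the handshake; TLS 1.2 is pinned so a rejected client cert surfaces as a Dial error rather than on the first Read (as under TLS 1.3).
func handshakeOK(addr string, roots *x509.CertPool, certs []tls.Certificate) bool {
	c, err := tls.Dial("tcp", addr, &tls.Config{RootCAs: roots, ServerName: "pf.example.test", MaxVersion: tls.VersionTLS12, Certificates: certs})
	if err == nil {
		c.Close() // close errors are irrelevant here; the server may already have hung up
	}
	return err == nil
}

// run models PF's primary listener (no client-cert challenge) and secondary listener (NeedClientAuth=true).
func run() (primaryNoCert, secondaryNoCert, secondaryWithCert bool) {
	pool := x509.NewCertPool() // one pool for brevity: clients trust the server cert, the server trusts the user cert
	server, user := selfSigned("pf.example.test", pool), selfSigned("jdoe", pool)
	primary, secondary := listen(server, pool, tls.NoClientCert), listen(server, pool, tls.RequireAndVerifyClientCert)
	return handshakeOK(primary, pool, nil), handshakeOK(secondary, pool, nil), handshakeOK(secondary, pool, []tls.Certificate{user})
}
```

Because the client certificate is only ever seen by the endpoint that terminates TLS, a load balancer in front of PF has to pass the secondary port through at the TCP level (or perform the certificate challenge itself) rather than terminate TLS on it.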