SAML Authentication across multiple publish instances, across multiple DCs

Hi All,

We have enabled encapsulated tokens in one of our environments and disabled sticky sessions in the load balancer.

When we load our page, some API calls are routed to one publisher while others are routed to different publishers(Expected).

In one of our user-related authentication calls (which loads first), we retrieve the user's ID and save it into the HTTP session.

However, subsequent API calls that rely on this ID and are routed to a different publisher (different from the one that handled the authentication call) are failing because the ID is null.

As a result, we are encountering exceptions due to the WWID being null, and no response is being returned.

We know encapsulated token mechanism will not handle server side sessions. Is there any way we can handle server side session in this case.

We cannot save the ID into cookie as it will give sensitive responses in few APIs if other people uses.

      We tried dispatcher sticky session to all API path so that it will hit only one publisher instance(disabled LB sticky session), but it is not working.

Any suggestions?