X-Forwarded-For on the IdP

Manuel Haim haim at hrz.uni-marburg.de
Mon Feb 13 13:41:39 GMT 2012


the RemoteIpValve is working fine here with Tomcat 6 and the Pound load
balancer (no Apache in-between).

As Pound also works as SSL wrapper (i.e. it handles HTTPS requests and
talks to Tomcat in plain HTTP), we additionally had to use and customize
Tomcat's SslValve for enabling IdP back-channel communication. (Remember
that the back-channel uses SSL client cert authentication.)


More information about the users mailing list