Multiple URL's for one application

Jonathan Knight j.knight at
Fri Jan 20 16:35:12 GMT 2012

On 20/01/2012 15:01, Cantor, Scott wrote:
> All of your endpoints need to be in metadata. You apparently omitted some
> in whatever process you follow to register your metadata with the IdP(s)
> involved.

That's the bit that confuses me.

If I have a URL of that also answers then it makes sense to register both with 
the IdP.

However, the is actually fed through a load 
balancer and is actually being answered by 5 different boxes.,,, as well as

If the IdP ever tried to contact then its unlikely 
it would even be talking to the same box that the user was trying to log 
in to.  Assuming the IdP doesn't maintain cookies there's every 
possibility that if it makes multiple requests, they would be answered 
by different boxes.

So I was working on the plan that regardless of what URL was used to 
access they key to making it work was for owen to 
call the IdP using and hide the fact that the user 
has used

The simplest means of doing that is to use turn on the canonical name in 
Apache, however that also changes the URL for the user so they then see 
the name and the fail over in the load balancer 
will no longer work.

What I'd like to achieve is for the IdP to always be given the name so it knows which of the 5 boxes called it, 
but the end user still sees the name in their URL's 
so they don't know which box they're talking to.


More information about the users mailing list