Multiple URL's for one application
j.knight at isc.keele.ac.uk
Fri Jan 20 16:35:12 GMT 2012
On 20/01/2012 15:01, Cantor, Scott wrote:
> All of your endpoints need to be in metadata. You apparently omitted some
> in whatever process you follow to register your metadata with the IdP(s)
That's the bit that confuses me.
If I have a URL of http://owen.vle.keele.ac.uk/ that also answers
http://students.keele.ac.uk/ then it makes sense to register both with
However, the http://students.keele.ac.uk/ is actually fed through a load
balancer and is actually being answered by 5 different boxes.
count.vle.keele.ac.uk, oscar.vle.keele.ac.uk, bert.vle.keele.ac.uk,
grover.vle.keele.ac.uk as well as owen.vle.keele.ac.uk.
If the IdP ever tried to contact students.keele.ac.uk then its unlikely
it would even be talking to the same box that the user was trying to log
in to. Assuming the IdP doesn't maintain cookies there's every
possibility that if it makes multiple requests, they would be answered
by different boxes.
So I was working on the plan that regardless of what URL was used to
access owen.vle.keele.ac.uk they key to making it work was for owen to
call the IdP using owen.vle.keele.ac.uk and hide the fact that the user
has used students.keele.ac.uk.
The simplest means of doing that is to use turn on the canonical name in
Apache, however that also changes the URL for the user so they then see
the owen.vle.keele.ac.uk name and the fail over in the load balancer
will no longer work.
What I'd like to achieve is for the IdP to always be given the
owen.vle.keele.ac.uk name so it knows which of the 5 boxes called it,
but the end user still sees the students.keele.ac.uk name in their URL's
so they don't know which box they're talking to.
More information about the users