Multiple URL's for one application
Cantor, Scott
cantor.2 at osu.edu
Fri Jan 20 17:11:24 GMT 2012
On 1/20/12 11:35 AM, "Jonathan Knight" <j.knight at isc.keele.ac.uk> wrote:
>However, the http://students.keele.ac.uk/ is actually fed through a load
>balancer and is actually being answered by 5 different boxes.
>count.vle.keele.ac.uk, oscar.vle.keele.ac.uk, bert.vle.keele.ac.uk,
>grover.vle.keele.ac.uk as well as owen.vle.keele.ac.uk.
That doesn't matter. What matters is what each web server thinks its name
is for each request, as it expects the client to see them. If you want the
URL to be fixed to that hostname, then each server must be virtualized to
use that name.
>If the IdP ever tried to contact students.keele.ac.uk then its unlikely
>it would even be talking to the same box that the user was trying to log
>in to. Assuming the IdP doesn't maintain cookies there's every
>possibility that if it makes multiple requests, they would be answered
>by different boxes.
Then you need to fix the virtualization to reflect that. You claimed not
to be doing virtual hosts, but that's exactly what a virtual host is,
something whose physical and logical properties don't match.
>What I'd like to achieve is for the IdP to always be given the
>owen.vle.keele.ac.uk name so it knows which of the 5 boxes called it,
>but the end user still sees the students.keele.ac.uk name in their URL's
>so they don't know which box they're talking to.
The IdP isn't talking to the box at all, the client is. If you want the
client to talk to "students", then all requests, redirects, and SAML
endpoints need to be in those terms, and every back end server must be
virtualized to use that hostname.
-- Scott
More information about the users
mailing list