multiple vhost , single SP question
Sean McHugh
sean8sean at gmail.com
Thu Nov 15 11:50:04 EST 2012
On Thu, Nov 15, 2012 at 4:21 AM, Peter Schober
<peter.schober at univie.ac.at>wrote:
>
> SNI is the obvious answer here but depends on what clients you need to
> support.
>
>
yes, i've considered this ... client requirements are flexible, but i've
been a bit trepidatious about moving to Apache 2.4 with Shib SP ... i've
seen some bugs on the wiki that I'll need to find out impact to our
environment
>
> Then the IdP would have failed with "No return endpoint available for
> relying party" or something like that. So probably we're not talking
> about the same thing.
>
it did
> But I'm not sure this would work the way I suggested anyway (i.e.,
> sharing cookies via a shared DNS domain and only establishing new
> sessions via 1 SSL-enabled vhost). It could be made to work with
> custom sessions not involving the SP, certainly.
>
i guess this is more of my own ignorance and misunderstanding ... can i
force the ACS value in the AuthNRequest to be
https://defaultSSLvhost when the client has initially visited
http://nonSSLvhost ?
> -peter
> --
> To unsubscribe from this list send an email to
> users-unsubscribe at shibboleth.net
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://shibboleth.net/pipermail/users/attachments/20121115/133e671d/attachment.html
More information about the users
mailing list