multiple vhost , single SP question

Sean McHugh sean8sean at
Thu Nov 15 11:50:04 EST 2012

On Thu, Nov 15, 2012 at 4:21 AM, Peter Schober
<peter.schober at>wrote:

> SNI is the obvious answer here but depends on what clients you need to
> support.
yes, i've considered this ... client requirements are flexible, but i've
been a bit trepidatious about moving to Apache 2.4 with Shib SP ... i've
seen some bugs on the wiki that I'll need to find out impact to our

> Then the IdP would have failed with "No return endpoint available for
> relying party" or something like that. So probably we're not talking
> about the same thing.

it did

> But I'm not sure this would work the way I suggested anyway (i.e.,
> sharing cookies via a shared DNS domain and only establishing new
> sessions via 1 SSL-enabled vhost). It could be made to work with
> custom sessions not involving the SP, certainly.

i guess this is more of my own ignorance and misunderstanding ... can i
force the ACS value in the AuthNRequest to be
https://defaultSSLvhost  when the client has initially visited
http://nonSSLvhost  ?

> -peter
> --
> To unsubscribe from this list send an email to
> users-unsubscribe at
-------------- next part --------------
An HTML attachment was scrubbed...

More information about the users mailing list