multiple vhost, single SP question
Cantor, Scott
cantor.2 at osu.edu
Thu Nov 15 12:05:41 EST 2012
On 11/15/12 12:01 PM, "Sean McHugh" <sean8sean at gmail.com> wrote:
>
>apologies ... you are correct - SNI is supported in 2.2.12+ with mod_ssl
>built against OpenSSL 0.9.9 or later
Ok, thanks.
>I think I need to re-read the wiki before continuing this thread. b/c
>from the answers I'm getting, I feel like I'm missing something obvious
>
>I only wish to have 1 cert for the _default_:443 vhost and direct the
>AuthNRequest ACS to that hostname only, when a request is made to any of
>the non-ssl vhosts
The cookies are scoped to the host. That's where Peter's shared domain
idea comes in. If you had a shared domain across them, then in theory,
yes, you can route all handler traffic to one set of endpoints. That is
extremely unusual, but that's the use case for setting handlerURL (which
is absent in a default config now) to an absolute URL root.
Instead of /Shibboleth.sso (relative), you use
https://vhost/Shibboleth.sso. Quite possible it will break some things, but
that's the basic step.
You'd have to override cookieProps as well and use it to control the
cookie's settings to include a domain attribute.
-- Scott
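
A sketch of the shibboleth2.xml change the reply describes, as an added example that is not part of the original message or of the project's shipped configuration. The host names sp.example.org and idp.example.org and the shared domain .example.org are placeholder assumptions.

```xml
<!-- Added example. Host names and the example.org domain are placeholders. -->

<!-- Before: handler path is relative, so every vhost serves its own
     /Shibboleth.sso endpoints and the session cookie is scoped to that host.
<Sessions lifetime="28800" timeout="3600" checkAddress="false"
          handlerURL="/Shibboleth.sso" handlerSSL="false"
          cookieProps="; path=/; HttpOnly">
-->

<!-- After: one absolute handler root on the SSL vhost, plus a cookie that
     carries a domain attribute so the other vhosts under the shared domain
     receive it. The "secure" attribute is left out only because the vhosts in
     this thread are non-SSL; the session cookie then travels over plain HTTP
     and is visible to every host under .example.org. -->
<Sessions lifetime="28800" timeout="3600" checkAddress="false"
          handlerURL="https://sp.example.org/Shibboleth.sso" handlerSSL="true"
          cookieProps="; path=/; domain=.example.org; HttpOnly">
    <SSO entityID="https://idp.example.org/idp/shibboleth">SAML2 SAML1</SSO>
</Sessions>
```

The assertion consumer service URL in the SP metadata registered with the IdP has to match the single absolute handler root, since that is where every AuthnRequest will direct the response.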