SP Reverse proxy and handlerSSL

Brian Mathis brian.mathis at gmail.com
Tue Nov 27 22:01:15 EST 2012

I have read through the document here:
but still have a question about handlerSSL.

My setup is a front-end apache server that handles the SSL is a reverse
proxy to the shib SP server using http (non-secure).  I have set my
ServerName to include the scheme and port, as: https://example.com:443, and
also include X-Forwarded-Proto from the proxy.

I do not have handlerSSL set in my shibboleth2.xml config for the Sessions,
so the default is "true".  However, I am not seeing any problems in this
configuration, and so far all my tests are working.  I tried to set it to
"false", and also explicitly set to "true", but it does not seem to affect
the operation of the SP.

What's going on here?  I don't want to miss something that might crop up

I am using an IdP initiated flow and only with HTTP-POST on CentOS 5.8 x64,
httpd 2.2.3-65, shibboleth 2.5.0-2.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://shibboleth.net/pipermail/users/attachments/20121127/766ba82f/attachment.html 

More information about the users mailing list