SP Reverse proxy and handlerSSL
Brian Mathis
brian.mathis at gmail.com
Tue Nov 27 22:01:15 EST 2012
I have read through the document here:
https://wiki.shibboleth.net/confluence/display/SHIB2/SPReverseProxy
but still have a question about handlerSSL.
My setup is a front-end apache server that handles the SSL is a reverse
proxy to the shib SP server using http (non-secure). I have set my
ServerName to include the scheme and port, as: https://example.com:443, and
also include X-Forwarded-Proto from the proxy.
I do not have handlerSSL set in my shibboleth2.xml config for the Sessions,
so the default is "true". However, I am not seeing any problems in this
configuration, and so far all my tests are working. I tried to set it to
"false", and also explicitly set to "true", but it does not seem to affect
the operation of the SP.
What's going on here? I don't want to miss something that might crop up
later.
I am using an IdP initiated flow and only with HTTP-POST on CentOS 5.8 x64,
httpd 2.2.3-65, shibboleth 2.5.0-2.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://shibboleth.net/pipermail/users/attachments/20121127/766ba82f/attachment.html
More information about the users
mailing list