SP Reverse proxy and handlerSSL

Cantor, Scott cantor.2 at osu.edu
Tue Nov 27 22:18:05 EST 2012

On 11/27/12 10:01 PM, "Brian Mathis" <brian.mathis at gmail.com> wrote:

>I do not have handlerSSL set in my shibboleth2.xml config for the
>Sessions, so the default is "true".  However, I am not seeing any
>problems in this configuration, and so far all my tests are working.  I
>tried to set it to "false", and also explicitly set to
> "true", but it does not seem to affect the operation of the SP.

The only time handlerSSL is going to matter is if you're serving http://
requests. Your server here is virtualized to think everything it handles
is https://, so there's no case where it would come into play no matter
what it's set to.

>What's going on here?  I don't want to miss something that might crop up

The only thing I can think you're concerned about is a log warning, but
leaving aside that the purpose of the warning is just to guard against
non-ideal settings you don't intend to use, if your server is hosting
nothing but https:// requests, there's no reason to ever set handlerSSL to
false (or indeed to set it at all in such a case).

-- Scott

More information about the users mailing list