Secure traffic on reverse proxy and ShibUseHeaders
Peter Schober
peter.schober at univie.ac.at
Wed Nov 28 06:28:28 EST 2012
* Paul Beckett (ITCS) <P.Beckett at uea.ac.uk> [2012-11-26 18:06]:
> 3) Header, with mod_http connector using https
Not sure that's what you suggested or something else, but you could
require client cert authentication on those Tomcats (however that
would needed to be done) and supply the reverse proxy httpd (running
mod_shib) with a client certificate only used for the proxying to
Tomcat. Cf.
http://httpd.apache.org/docs/2.2/en/mod/mod_ssl.html#sslproxyengine
http://httpd.apache.org/docs/2.2/en/mod/mod_ssl.html#sslproxymachinecertificatefile
-peter
More information about the users
mailing list