SP configuration issue
cantor.2 at osu.edu
Fri May 31 12:31:25 EDT 2013
> I am trying to protect https://app.host.com/sub and have a load balancer
> that is directing traffic for https://app.host.com/sub to a different
> server then where app.host.com is getting served from.
Where is the SP though? If it's on the front-end, then you still don't need to move the handler location down into /sub. You can, but I really don't suggest it unless you plan to make use of app overrides later. You're using them now, but there isn't a clear indication as to why from your message, so you may not need all this complexity.
> When I do wget for the metadata via localhost on the terminal I am able to
> grab the metadata just fine. Although in the metadata is listing all the
> locations as https://app.host.com/Shibboleth.sso/ not
There metadata cannot and should not be used directly, and there are many reasons why. But in the specific case here, if you access /Shibboleth.sso/Metadata, that is certainly what it will return. If you access /sub/Shibboleth.sso/Metadata, the endpoints will be different.
More information about the users