Problems with IdP proxy
Jim Fox
fox at washington.edu
Wed Sep 18 00:45:07 EDT 2013
On Sep 17, 2013, at 6:58 PM, Cantor, Scott wrote:
> On 9/17/13 9:26 PM, "Yaowen Tu" <yaowen.tu at gmail.com> wrote:
>
>> Looking at the last exception again, it seems coming from
>> IdPNoCacheFilter. It seems that I need to do the same thing for
>> IdPNoCacheFilter like I did for IdPSessionFilter and SL4JCleanupFilter to
>> disable the check. I don't have the environment. I will
>> try it tomorrow and see it the request goes through.
>
> Those filters have nothing like the address checking that's in the session
> filter.
>
> The proxying can't require that the URL checks fail, that can't be turned
> off as far as I'm aware. I don't think the approach described by that
> page, which was contributed by Jim Fox, requires that the checks be
> disabled, so whatever you did is not equivalent.
>
The approach in question only required that
ensureConsistentClientAddress
be disabled. A DNS thing. Nothing else.
Jim
>>
>> Anyways, wiki needs to be updated since changing setting for
>> IdPSessionFilter only doesn't seems to be enough. Please let me know if I
>> am wrong.
>
> You are incorrect about the other filters being involved at least.
>
> -- Scott
>
>
> --
> To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net
More information about the users
mailing list