Tomcat setup using hardware-based clustering

Michael Dahlberg olgamirth at
Thu Apr 17 12:01:37 EDT 2014

I’d like to set up a Shibboleth 2.4 IdP behind a hardware-based load balancer (I think the vendors are calling them Application Delivery Controllers now). I’ve read the wiki on IdPClusterIntro and the IdPApacheTomcatPrepare. I’d like all traffic to the load balancer to be encrypted and the connections from the load balancer to the IdP to be unencrypted. Also, I’d like the only connections to the IdP to come from the load balancer.

My reading of IdPApacheTomcatPrepare seems to indicate that this is not possible and that there are instances when the SP and the IdP communicate directly.  Is this so?  

Finally, given my proposed configuration, is it possible that I only need to configure Tomcat to open an endpoint on port 8080 (for example)?

Thank you very much 

Michael Dahlberg
