Is anyone using the Amazon ElasticLoadBalancer (ELB) ...

Paul Wilt pewilt at
Wed May 21 13:50:48 EDT 2014

to talk to two or more EC2 instances?

When I attended the Shibboleth-SP workshop earlier this year--the
instructor indicated that it is best to allow the actual host machines to
do the SSL-termination instead of using the load balancer SSL-termination
to make it easier to configure in the shibboleth2.xml.

When using the ELB to do the load balancing there is a messy situation
where the communication between the ELB and the instances behind it uses
TCP instead of HTTP or HTTPS to communicate the state of the instances.  Of
course this means that you cannot do *sticky* connections [which use a
cookie].  This *feature*, of course, causes Shibboleth to fail!

Does anyone have a way to get around this?

Otherwise--I guess I need to use a more complex configuration.  On that
note--does anyone have a description of what to do when having the load
balancer do the SSL-termination?

