multiple sp hosts behind a firewall/proxy etc

[Musil, William]

Hi, I found some info on this, but what I did find fails for me.

I have multiple SP nodes that work just fine-ish on my inside network as the redirects resolve no problem.

But squeezing it through a single non-shib enabled VIP isn't fun. I tried to reset all of the associations in the metadata to the VIP and reregistering against testshib.org, but then the fatal errors come after login. For now I have disabled the shib and the web application is working through the VIP just fine, so it is only the shib ping pong with the external idp that is causing me trouble.

Is there a basic guide on how to setup shib SP on multiple hosts behind a firewall or proxy with NAT talking to an external idp? The notion of an internal idp is possible, but the requirement I have before me is a common external idp (not testshib.org) that multiple sites, each with multiple web servers behind load balanced entries need to access.

I have done a lot of WiKi walking over the last few days, and there is tons of info, but it is just bits here and there. Someday I may find it, but there is still a lot of reading to do. I am hoping that someone else is doing just this with an external idp and has a rough guide to get it working.


________________________________

William T. Musil
Manager, Technical Services

LABVANTAGE Solutions, Inc.
265 Davidson Avenue, Suite 220
Somerset, NJ 08873-4120 USA

Phone: 908-333-0111
Mobile: 908-531-0835
Fax: 732-560-0121
Email: wmusil at labvantage.com<mailto:wmusil at labvantage.com?subject=Link%20from%20Signature>
Website: www.labvantage.com<http://www.labvantage.com>
Skype: bmusil.lvs<skype:bmusil.lvs?chat>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20150523/dacc2ed6/attachment-0001.html>