multiple sp hosts behind a firewall/proxy etc

Peter Schober peter.schober at univie.ac.at
Sat May 23 13:15:27 EDT 2015


* Musil, William <wmusil at labvantage.com> [2015-05-23 15:57]:
> This works perfectly for me if there is one and only one SP resource
> in the backend.

OK.

> I am trying to deal with a cluster of systems each with SP loaded,
> say proxy with backends resource1 and resource2.

That's relevant new information, of course, and changes quite a few
things. Here's the documentation for that:
https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPClustering

That's also the first result I get when I search for "sp cluster" in
the documentation (search box in the upper right corner).

* Musil, William <wmusil at labvantage.com> [2015-05-23 16:58]:
> I will keep reading. I expect that I can have many copies of sp, all
> running as the same identity, and this is scary to me, at least for
> now.

If all the SP instances should behave as one (i.e., you're clustering)
then you'd configure all SPs with the same key pair and the same
entityID (same everything). Not sure what's scary about that if that's
the expected behaviour.

> Any how-to dealing with implementing a single SP across multiple
> physical sp daemons would be welcome.

The page above explains all of the variants, incl. "shared nothing" and
relying on a clustered application session alone (which you seem to
have disregarded, from all the options you have).
-peter

