vhosts with SP, single entity id
peter.schober at univie.ac.at
Tue Mar 6 04:30:34 EST 2018
* William Eubank <william.eubank at uah.edu> [2018-03-05 18:14]:
> But if in the apache vhosts file I define ServerName with an https
> prefix, https://vhost.uah.edu, it works. And this may be what has
> to be but it just feels wrong.
But that's exactly how it's meant to be used and how it's documented:
"Sometimes, the server runs behind a device that processes SSL, such
as a reverse proxy, load balancer or SSL offload appliance. When
this is the case, specify the https:// scheme and the port number to
which the clients connect in the ServerName directive to make sure
that the server generates the correct self-referential URLs."
> Shouldn't the ACS lines in the metadata in the IDP take precedence
> over the (I assume) dynamically built ACS lines the SP builds and
> sends to it?
The metadata doesn't tell the IDP where to send the response, it's
used by the IDP to verify that the location the SP requests the
response to be sent to is OK.
Only if they're identical that amounts to the same thing.
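
The check described in the reply above, as an added example that is not part of the original post: the SP derives its ACS URL from the scheme and host the web server reports (what ServerName controls), and the IdP only accepts it if it is listed in the SP's metadata. Hostnames, the entityID, the function names and the exact-string comparison are assumptions of this sketch.

```python
import xml.etree.ElementTree as ET

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed SP metadata as registered at the IdP (placeholder hostnames).
SP_METADATA = """\
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
                     entityID="https://sp.example.org/shibboleth">
  <md:SPSSODescriptor
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService index="1"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://vhost1.example.org/Shibboleth.sso/SAML2/POST"/>
    <md:AssertionConsumerService index="2"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://vhost2.example.org/Shibboleth.sso/SAML2/POST"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
"""

def registered_acs(metadata_xml):
    """Return the (binding, location) pairs listed in the SP metadata."""
    root = ET.fromstring(metadata_xml)
    path = f"{{{MD_NS}}}SPSSODescriptor/{{{MD_NS}}}AssertionConsumerService"
    return {(e.get("Binding"), e.get("Location")) for e in root.findall(path)}

def self_referential_acs(scheme, host, handler="/Shibboleth.sso/SAML2/POST"):
    """ACS URL an SP builds from what the web server says about itself."""
    return f"{scheme}://{host}{handler}"

def idp_accepts(metadata_xml, binding, requested_url):
    """The request names the endpoint; metadata is only used to vet it."""
    return (binding, requested_url) in registered_acs(metadata_xml)

if __name__ == "__main__":
    # Behind an SSL offloader the vhost sees plain http unless ServerName
    # carries the https:// scheme, so the first URL below is what gets sent.
    for scheme in ("http", "https"):
        url = self_referential_acs(scheme, "vhost1.example.org")
        print(url, "->", "accepted" if idp_accepts(SP_METADATA, POST, url)
              else "rejected")
```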