vhosts with SP, single entity id

Peter Schober peter.schober at univie.ac.at
Tue Mar 6 04:30:34 EST 2018

* William Eubank <william.eubank at uah.edu> [2018-03-05 18:14]:
> But if in the apache vhosts file I define ServerName with an https
> prefix, https://vhost.uah.edu, it works.  And this may be what has
> to be but it just feels wrong.

But that's exactly how it's meant to be used and how it's documented:

  "Sometimes, the server runs behind a device that processes SSL, such
  as a reverse proxy, load balancer or SSL offload appliance. When
  this is the case, specify the https:// scheme and the port number to
  which the clients connect in the ServerName directive to make sure
  that the server generates the correct self-referential URLs."

> Shouldn't the ACS lines in the metadata in the IDP take precedence
> over the (I assume) dynamically built ACS lines the SP builds and
> sends to it?

The metadata doesn't tell the IDP where to send the response, it's
used by the IDP to verify that the location the SP requests the
reponse to be sent to is OK.
Only if they're identical that amounts to the same thing.


More information about the users mailing list