Shibboleth SP in front of HA-Proxy in http mode

Jakub Danek jakub.danek at yoso.fi
Mon Sep 10 00:09:55 EDT 2018


Hello,

I would like to get a confirmation that my understanding of the process 
is correct.

Our customer has the following proxy setup (which would be very 
difficult to change for various reasons).

 1. Apache httpd with Shibboleth SP
 2. Nginx proxy
 3. Ha Proxy in http mode
 4. Java servlet container (tomcat)

Servers are listed in the way requests pass through. Numbers 3 and 4 are 
technically inseparable as it is an Openshift cluster deployment.

My understanding is that under such setup it is not possible to pass 
attributes to the java application via env variables, since there is no 
sane way I can expose the AJP port from Openshift (other than assigning 
the application a fixed IP which is out of the question). We are stuck 
with HTTP proxying.

My experiments with various configurations have been unsuccseful so far, 
but I would like to get a confirmation from someone more experienced.

Thanks in advance!

Jakub

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20180910/0a929c4a/attachment.html>


More information about the users mailing list