configuring shibboleth on AWS using ELB

Deirdre Kirmis Deirdre.Kirmis at
Wed Dec 18 10:08:01 EST 2019

In AWS, when you create an application load balancer, you also define a "target group" of EC2 instances to direct incoming traffic to (to balance the load of traffic across multiple zones/instances). The load balancer sends requests to each instance based on how you configure it to route those requests. You can define a rule when you set up the target group that will route the traffic as http on port 80, or you can route it as https on port 443. I initially set mine up to route using http/port 80, thinking that any redirection to https would happen at the server. However, on the load balancer, I had set up a listener to redirect all traffic coming in on port 80 to https/port 443. I had another listener set up to route https to the target group. I'm not an expert by any means, but I think I was redirecting all traffic to the target group as https, but only had a rule for the target group to route as http...I'm not sure why it was working at all, honestly. 

I'm not sure I described that correctly...can anyone clarify or "translate"? I'm not an AWS or Shibboleth expert, and I'm still learning all of this.

Deirdre Kirmis
Technology Services
Arizona State University Library

-----Original Message-----
From: users <users-bounces at> On Behalf Of Cantor, Scott
Sent: Tuesday, December 17, 2019 5:01 PM
To: Shib Users <users at>
Subject: Re: configuring shibboleth on AWS using ELB

On 12/17/19, 4:56 PM, "users on behalf of Deirdre Kirmis" <users-bounces at on behalf of Deirdre.Kirmis at> wrote:

> I finally resolved this. I had configured the target group in AWS to 
> route on port 80 instead of port 443.  Recreating the target group on 
> https/port 443 and reregistering the target to route on port 443 fixed the issue and shib works now.  In case anyone else has the issue or has someone ask! Thanks for all of the responses...this is a helpful group!

I'm glad you resolved it, but that's definitely Greek to me. If there's somebody with the right translation skills, it's probably worth a HowTo topic in the KB in the wiki, but I don't have the requisite understanding at this point I'm afraid.

-- Scott
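
The layout described in this thread (a port 80 listener that redirects to HTTPS, and a port 443 listener that forwards to a target group) can be traced hop by hop. The following is an added example, not code from either poster: it reads constructed data in the shape returned by `aws elbv2 describe-listeners` and `aws elbv2 describe-target-groups`, and reports which protocol and port the instance receives for each listener. The ARNs are placeholders and the function names are hypothetical.

```python
import json

# Constructed sample in the shape of `aws elbv2 describe-listeners` and
# `aws elbv2 describe-target-groups` output; ARNs are shortened placeholders.
LISTENERS = json.loads("""[
 {"Port": 80, "Protocol": "HTTP", "DefaultActions": [
   {"Type": "redirect", "RedirectConfig": {"Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}]},
 {"Port": 443, "Protocol": "HTTPS", "DefaultActions": [
   {"Type": "forward", "TargetGroupArn": "arn:example:tg-http80"}]}
]""")
TARGET_GROUPS = json.loads("""[
 {"TargetGroupArn": "arn:example:tg-http80", "Protocol": "HTTP", "Port": 80},
 {"TargetGroupArn": "arn:example:tg-https443", "Protocol": "HTTPS", "Port": 443}
]""")

def trace_hops(listeners, target_groups):
    """Return (client side, action, next hop) for every listener default action."""
    groups = {g["TargetGroupArn"]: g for g in target_groups}
    hops = []
    for lst in listeners:
        front = f'{lst["Protocol"]}:{lst["Port"]}'
        for action in lst["DefaultActions"]:
            if action["Type"] == "redirect":
                rc = action["RedirectConfig"]
                hops.append((front, "redirect", f'{rc["Protocol"]}:{rc["Port"]}'))
            elif action["Type"] == "forward":
                # Assumption: single-target-group forward (TargetGroupArn present).
                tg = groups[action["TargetGroupArn"]]
                hops.append((front, "forward", f'{tg["Protocol"]}:{tg["Port"]}'))
    return hops

def scheme_changes(hops):
    """Forward hops where the instance receives a different protocol/port than the client used."""
    return [(front, back) for front, kind, back in hops if kind == "forward" and front != back]

def repoint(listeners, port, new_arn):
    """Copy of the listeners with the forward action on `port` aimed at another target group."""
    out = json.loads(json.dumps(listeners))  # deep copy, input left untouched
    for lst in out:
        if lst["Port"] == port:
            for action in lst["DefaultActions"]:
                if action["Type"] == "forward":
                    action["TargetGroupArn"] = new_arn
    return out

if __name__ == "__main__":
    print(scheme_changes(trace_hops(LISTENERS, TARGET_GROUPS)))
```

With the sample data, the 443 listener forwards to an HTTP/80 target group, which is the original setup in the thread; `repoint` models the change to an HTTPS/443 target group, after which no forward hop changes protocol.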
