Multiple virtual hosts on SP 3

Richard Frovarp richard.frovarp at
Tue May 21 17:42:46 EDT 2019

Trying to figure out if I've ran into a bug, or I'm doing it wrong. 
Figured I would start here. I'm following the UW[1] and Oxford[2] 
instructions for setting up a single SP with multiple vhosts. I don't 
need the vhosts to be treated differently, it's even the same app, but 
they are on vastly different domains, which might what is causing the 

The generated metadata has both domains in the generated metadata, of 
course with the same single entityID. I am using CAS 5.1 as my IdP.

1) I hit

2) Sent to CAS

3) Auth

4) CAS sends me back to

5) Shib SP validates data and gives me a cookie for

6) SP redirects me to

7) My SP cookie was issued for domain1, so it isn't being sent to 
domain2, so goto #2

In general, how does the IdP know where to send the user back to if 
there are multiple listed domains? It's possible the version of CAS I am 
on doesn't support this. But I'm wondering in general how this is 
supposed to work, or if I'm missing something other than just having two 
EndpointBase values.

 From where I'm at, it looks like the best option for me is different 
entityIDs via the entityIDSelf param in HTTPD. That is certainly doable, 
I just want to make sure that I'm not missing something.





More information about the users mailing list