Multiple virtual hosts on SP 3
Richard Frovarp
richard.frovarp at ndsu.edu
Tue May 21 17:42:46 EDT 2019
Trying to figure out if I've ran into a bug, or I'm doing it wrong.
Figured I would start here. I'm following the UW[1] and Oxford[2]
instructions for setting up a single SP with multiple vhosts. I don't
need the vhosts to be treated differently, it's even the same app, but
they are on vastly different domains, which might what is causing the
problem.
The generated metadata has both domains in the generated metadata, of
course with the same single entityID. I am using CAS 5.1 as my IdP.
1) I hit domain2.edu
2) Sent to CAS
3) Auth
4) CAS sends me back to domain1.edu
5) Shib SP validates data and gives me a cookie for domain1.edu
6) SP redirects me to domain2.edu
7) My SP cookie was issued for domain1, so it isn't being sent to
domain2, so goto #2
In general, how does the IdP know where to send the user back to if
there are multiple listed domains? It's possible the version of CAS I am
on doesn't support this. But I'm wondering in general how this is
supposed to work, or if I'm missing something other than just having two
EndpointBase values.
From where I'm at, it looks like the best option for me is different
entityIDs via the entityIDSelf param in HTTPD. That is certainly doable,
I just want to make sure that I'm not missing something.
Thanks,
Richard
1: https://wiki.cac.washington.edu/pages/viewpage.action?pageId=61703128
2:
https://help.it.ox.ac.uk/iam/federation/using-one-shibboleth-service-provider-multiple-virtual-hosts
More information about the users
mailing list