Multiple virtual hosts on SP 3

Richard Frovarp richard.frovarp at ndsu.edu
Tue May 21 18:07:31 EDT 2019


No load balancer is involved. The vhosts are for different domains in our CMS and aren't through a load balancer. They need to be distinct.

On 5/21/19 4:58 PM, Ray Bon wrote:
Richard,

The redirect pattern sounds like a load balancer in round robin configuration (switching among hosts on each request).
If this is the case, set the load balancer to sticky sessions.

Ray

On Tue, 2019-05-21 at 21:42 +0000, Richard Frovarp wrote:

Trying to figure out if I've run into a bug, or I'm doing it wrong.
Figured I would start here. I'm following the UW[1] and Oxford[2]
instructions for setting up a single SP with multiple vhosts. I don't
need the vhosts to be treated differently, it's even the same app, but
they are on vastly different domains, which might be what is causing the
problem.

The generated metadata has both domains in the generated metadata, of
course with the same single entityID. I am using CAS 5.1 as my IdP.

1) I hit domain2.edu
2) Sent to CAS
3) Auth
4) CAS sends me back to domain1.edu
5) Shib SP validates data and gives me a cookie for domain1.edu
6) SP redirects me to domain2.edu
7) My SP cookie was issued for domain1, so it isn't being sent to
domain2, so goto #2

In general, how does the IdP know where to send the user back to if
there are multiple listed domains? It's possible the version of CAS I am
on doesn't support this. But I'm wondering in general how this is
supposed to work, or if I'm missing something other than just having two
EndpointBase values.

From where I'm at, it looks like the best option for me is different
entityIDs via the entityIDSelf param in HTTPD. That is certainly doable,
I just want to make sure that I'm not missing something.

Thanks,
Richard

1: https://wiki.cac.washington.edu/pages/viewpage.action?pageId=61703128
2: https://help.it.ox.ac.uk/iam/federation/using-one-shibboleth-service-provider-multiple-virtual-hosts

--


Ray Bon
Programmer Analyst
Development Services, University Systems
2507218831 | CLE 019 | rbon at uvic.ca
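
The redirect loop in steps 1 to 7 of the quoted message, modelled as an added example that is not part of the thread or of any Shibboleth or CAS code. The handler path and the two IdP selection policies (`first_listed`, `honor_request`) are assumptions made for the model, not a description of how CAS 5.1 behaves.

```python
from urllib.parse import urlsplit

# Constructed endpoint list: one ACS per vhost, same entityID.
# The handler path is an assumed default, not taken from the thread.
ACS = ["https://domain1.edu/Shibboleth.sso/SAML2/POST",
       "https://domain2.edu/Shibboleth.sso/SAML2/POST"]

def idp_pick_acs(requested_acs, policy):
    """Model of the IdP choosing where to deliver the response."""
    if policy == "honor_request" and requested_acs in ACS:
        return requested_acs          # endpoint named by the SP's request
    return ACS[0]                     # "first_listed": request is ignored

def simulate(start_url, policy, max_hops=5):
    """Follow the login flow; return (logged_in, trace)."""
    host = urlsplit(start_url).hostname
    cookies = {}                      # host-only cookie jar: host -> session
    trace = []
    for _ in range(max_hops):
        trace.append(f"GET {start_url}")
        if host in cookies:           # cookie is only sent to its own host
            trace.append("session cookie present, content served")
            return True, trace
        requested = f"https://{host}/Shibboleth.sso/SAML2/POST"
        acs = idp_pick_acs(requested, policy)
        acs_host = urlsplit(acs).hostname
        trace.append(f"IdP delivers response to {acs}")
        cookies[acs_host] = "session" # step 5: cookie scoped to the ACS host
        trace.append(f"cookie set for {acs_host}, redirect to {start_url}")
    return False, trace               # never got a usable session: loop

if __name__ == "__main__":
    for policy in ("first_listed", "honor_request"):
        ok, trace = simulate("https://domain2.edu/page", policy)
        print(policy, "->", "ok" if ok else "redirect loop")
        for line in trace:
            print("   ", line)
```

In the model the session only becomes usable when the response lands on the same host the user started from; an endpoint that is not in the registered list falls back to the first one rather than being honoured.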


