How to deploy shibboleth service provider in Kubernetes environment?

Peter Schober peter.schober at
Fri May 24 09:56:38 EDT 2019

* Karthikeyan Sundararajan <karthikeyan.s at> [2019-05-24 15:18]:
> In non-docker environment, apache2 and shibd services runs no the same
> server and apache2 communicates with shibd using mod_shib apache module
> (correct me if am wrong)

Well, on GNU/Linux and Unix mod_shib and shibd communicate over a unix
domain socket by default, on MS-Windows they use a TCP socket.
While you could use TCP sockets on GNU/Linux note that there's no
security layer in that protocol, so securing that would be left to the

> Is it possible to deploy shibboleth service provider in separate
> container and apache in separate container?

It's possible, but why would you chose to do that?
Just keeping them both in the same container avoids security issues
and makes deployment easier. I don't think you can swap out either
half for other verions or running different build/packaging so it's
best to treat those as a single system.

> Now I just want to deploy one more container for shibboleth, is it possible?

Probably, but you'll need to put mod_shib within your httpd container,
too, so just put shibd there, too, the way supported OS packaging does.


More information about the users mailing list