AW: Cookie spoof
Stopinski, Thomas Thaddäus
thstopinski at ukaachen.de
Mon Nov 11 17:39:48 EST 2019
In our believe we need the rewrite rule because, we want all traffic to go over a secure SSL connection.
As I was trying to describe in my initial mail, we have the SP and the Webapp running on two different machines. Even more, we run them in different domains.
So we must switch from one SSL connection to another. Correct me if I am wrong on that.
What we keeping asking ourselves is, how is the SP supposed to know where to send me after a successful login?
We did as suggested by Scott, we took the ShibUseHeaders On and the ApplicationOverride out from our configuration, but that broad us only into a loop.
and thanks again.
Von: users <users-bounces at shibboleth.net> Im Auftrag von Peter Schober
Gesendet: Donnerstag, 7. November 2019 16:55
An: users at shibboleth.net
Betreff: Re: Cookie spoof
* Stopinski, Thomas Thaddäus <thstopinski at ukaachen.de> [2019-11-07 16:33]:
> We have an Apache webserver and a SP running on a VM on Ubuntu 18.04
> At the beginning we want to protect a asp .net core Webapp, that runs
> on Azure Cloud service. Everything is up-to-date.
It would be easier if you explained why you require the rewrite rule and especially why you're proxying requests to yourself?
(You have a ProxyPass to https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fshibboleth-ourserver.com&data=02%7C01%7C%7C880bf24a0efe4dd6f44808d7639af53f%7C5a6d5ee56edf4a26ba93f5872dbb9614%7C0%7C1%7C637087389496337159&sdata=nuhy577jRnf%2BwwHxeyBOV%2FZVhJuUkOMOY6On%2B9QgaMQ%3D&reserved=0 within the TLS-vhost for shibboleth-ourserver.com)
For Consortium Member technical support, see https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwiki.shibboleth.net%2Fconfluence%2Fx%2FcoFAAg&data=02%7C01%7C%7C880bf24a0efe4dd6f44808d7639af53f%7C5a6d5ee56edf4a26ba93f5872dbb9614%7C0%7C1%7C637087389496337159&sdata=P6SGOnWOpX2PyEidXYZAsWzAbaVxq5Bwc1VtU8NR61M%3D&reserved=0
To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the users