AW: Cookie spoof

Stopinski, Thomas Thaddäus thstopinski at
Mon Nov 11 17:39:48 EST 2019

Dear Peter,

In our believe we need the rewrite rule because, we want all traffic to go over a secure SSL connection.

As I was trying to describe in my initial mail, we have the SP and the Webapp running on two different machines. Even more, we run them in different domains.
So we must switch from one SSL connection to another. Correct me if I am wrong on that.
What we keeping asking ourselves is, how is the SP supposed to know where to send me after a successful login?

        We did as suggested by Scott, we took the         ShibUseHeaders On and the ApplicationOverride out from our configuration, but that broad us only into a loop.

 and thanks again.

Thomas stopinski
-----Ursprüngliche Nachricht-----
Von: users <users-bounces at> Im Auftrag von Peter Schober
Gesendet: Donnerstag, 7. November 2019 16:55
An: users at
Betreff: Re: Cookie spoof

* Stopinski, Thomas Thaddäus <thstopinski at> [2019-11-07 16:33]:
> We have an Apache webserver and a SP running on a VM on Ubuntu 18.04
> At the beginning we want to protect a asp .net core Webapp, that runs
> on Azure Cloud service. Everything is up-to-date.

It would be easier if you explained why you require the rewrite rule and especially why you're proxying requests to yourself?
(You have a ProxyPass to within the TLS-vhost for

For Consortium Member technical support, see
To unsubscribe from this list send an email to users-unsubscribe at
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the users mailing list