cantor.2 at osu.edu
Tue Nov 12 08:12:52 EST 2019
On 11/11/19, 5:40 PM, "users on behalf of Stopinski, Thomas Thaddäus" <users-bounces at shibboleth.net on behalf of thstopinski at ukaachen.de> wrote:
> What we keeping asking ourselves is, how is the SP supposed to know where to send me after a successful login?
The SP knows nothing about that second domain and must have no references to it, and no clients must ever talk to it. Reverse proxies *are* the app, full stop. That's the only URL that can be visible or used anyhere. All rules must be in terms of the external URL, all metadata, everything. Until you fix that, none of this will work.
More information about the users