Shibboleth with AWS Cloudfront

Wessel, Keith kwessel at
Thu Nov 14 09:55:40 EST 2019

Interesting. Is that different in 3 than it used to be in 2? That wasn't my past experience when putting services behind SLBs that also offloaded SSL.

More importantly, which settings does one need to make for this to work behind an SSL-offloading SLB?

Thanks, Scott,

-----Original Message-----
From: users <users-bounces at> On Behalf Of Cantor, Scott
Sent: Thursday, November 14, 2019 8:36 AM
To: Shib Users <users at>
Subject: Re: Shibboleth with AWS Cloudfront

On 11/14/19, 9:29 AM, "users on behalf of Wessel, Keith" <users-bounces at on behalf of kwessel at> wrote:

> No problem, Shannon. The important things are to set handlerSSL to false and cookieProps to http in shibboleth2.xml.
> If using Apache, you’ll also need to set the Apache ServerName directive to a full https://hostname.tld:443 

Those are essentially inconsistent. If you properly virtualize, then the SP is logically operating over TLS regardless of the physical parameters.
-- Scott

For Consortium Member technical support, see
To unsubscribe from this list send an email to users-unsubscribe at

More information about the users mailing list