Shibboleth with AWS Cloudfront
Wessel, Keith
kwessel at illinois.edu
Thu Nov 14 09:55:40 EST 2019
Interesting. Is that different in 3 than it used to be in 2? That wasn't my past experience when putting services behind SLBs that also offloaded SSL.
More importantly, which settings does one need to make for this to work behind an SSL-offloading SLB?
Thanks, Scott,
Keith
-----Original Message-----
From: users <users-bounces at shibboleth.net> On Behalf Of Cantor, Scott
Sent: Thursday, November 14, 2019 8:36 AM
To: Shib Users <users at shibboleth.net>
Subject: Re: Shibboleth with AWS Cloudfront
On 11/14/19, 9:29 AM, "users on behalf of Wessel, Keith" <users-bounces at shibboleth.net on behalf of kwessel at illinois.edu> wrote:
> No problem, Shannon. The important things are to set handlerSSL to false and cookieProps to http in shibboleth2.xml.
> If using Apache, you’ll also need to set the Apache ServerName directive to a full https://hostname.tld:443
Those are essentially inconsistent. If you properly virtualize, then the SP is logically operating over TLS regardless of the physical parameters.
-- Scott
--
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net
More information about the users
mailing list