Shibboleth with AWS Cloudfront

Wessel, Keith kwessel at
Thu Nov 14 10:53:33 EST 2019

But I assume that the two shibboleth2.xml settings (handlerSSL="false" and cookieProps="http" still need to be set?


-----Original Message-----
From: users <users-bounces at> On Behalf Of Cantor, Scott
Sent: Thursday, November 14, 2019 9:50 AM
To: Shib Users <users at>
Subject: Re: Shibboleth with AWS Cloudfront

On 11/14/19, 9:56 AM, "users on behalf of Wessel, Keith" <users-bounces at on behalf of kwessel at> wrote:

> Interesting. Is that different in 3 than it used to be in 2? That 
> wasn't my past experience when putting services behind SLBs that also offloaded SSL.

The SP generally just applies behavior based on the URL it operates on, and that URL should be https:// in such a case, that's really all that matters (I mean, in the broad sense, the scheme, port, and host are the factors here).

> More importantly, which settings does one need to make for this to work behind an SSL-offloading SLB?

ServerName, that's it.

-- Scott

For Consortium Member technical support, see
To unsubscribe from this list send an email to users-unsubscribe at

More information about the users mailing list