configuring shibboleth on AWS using ELB

Cantor, Scott cantor.2 at
Mon Nov 25 18:55:05 EST 2019

On 11/25/19, 6:30 PM, "users on behalf of Deirdre Kirmis" <users-bounces at on behalf of Deirdre.Kirmis at> wrote:

> the certs are not included

Metadata is solely subject to your creation and control, so it has in it what you put in it, keys included. It is not generated other than for sample purposes.

> and the sp-cert.pem and sp-key.pem files did not get created.

The supported version of the SP generates two keypairs, one for signing, and one for encryption, neither one by that name anymore.

> Do I still need to “configure” https locally on the server

What you configure it to do is what you need it to do. Most people don't offload TLS anymore, they run it on every leg, but that's not anybody else's decision to make. As long as ServerName is set correctly to account for whatever virtualization is being done, the SP doesn't care.

-- Scott

More information about the users mailing list