configuring shibboleth on AWS using ELB

[Deirdre Kirmis]

How do I prepare the metadata myself?
Thank you Scott and Michael...I added my servername to httpd.conf (I had configured with https in http.proxy.conf and in ssl.conf, but not in http.conf). I uncommented it and modified it in that file and now my metadata shows https. Still not sure if I have everything configured to make shibboleth work, though.

I did mention originally that I am just learning some of this ... still have a long way to go.

Deirdre Kirmis
Technology Services
Arizona State University Library
480-965-7240

-----Original Message-----
From: users <users-bounces at shibboleth.net> On Behalf Of Cantor, Scott
Sent: Wednesday, November 27, 2019 9:53 AM
To: Shib Users <users at shibboleth.net>
Subject: Re: configuring shibboleth on AWS using ELB

On 11/27/19, 11:23 AM, "Deirdre Kirmis" <Deirdre.Kirmis at asu.edu> wrote:

> So just noticed that my metadata file (sent to IDP) shows all of the 
> “Location” items for my server as http:// instead of https://. I 
> generated the file using the URL

It is always, without exception, a mistake to ever give metadata to anybody else that you do not personally prepare and vet, which is why the comment in the file exists.

> And sent that file to my IDP. Any ideas why it would show http:// instead of https:// if I am using ELB listener with AWS > certs?

Because the Apache server has not been configured to know what its virtual ServerName (scheme in this case) is supposed to be, and is reporting requests to itself as http and not https.

-- Scott



--
For Consortium Member technical support, see https://urldefense.proofpoint.com/v2/url?u=https-3A__wiki.shibboleth.net_confluence_x_coFAAg&d=DwIGaQ&c=l45AxH-kUV29SRQusp9vYR0n1GycN4_2jInuKy6zbqQ&r=X1YAM2yWs1HIcWRXyPCSUtCKxhQO748y834uz5ZFnTY&m=IgAOjdWbGD2E0SroaRg1RtDRiiviX00HX2OdNKo_sAk&s=F5TXV6FlhyW-_cj3_4MiZx6cfyqeA4TK7pZFRG4eoRE&e=
To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net