configuring shibboleth on AWS using ELB

Deirdre Kirmis Deirdre.Kirmis at
Wed Nov 27 12:23:10 EST 2019

How do I prepare the metadata myself?
Thank you Scott and Michael...I added my servername to httpd.conf (I had configured with https in http.proxy.conf and in ssl.conf, but not in http.conf). I uncommented it and modified it in that file and now my metadata shows https. Still not sure if I have everything configured to make shibboleth work, though.

I did mention originally that I am just learning some of this ... still have a long way to go.

Deirdre Kirmis
Technology Services
Arizona State University Library

-----Original Message-----
From: users <users-bounces at> On Behalf Of Cantor, Scott
Sent: Wednesday, November 27, 2019 9:53 AM
To: Shib Users <users at>
Subject: Re: configuring shibboleth on AWS using ELB

On 11/27/19, 11:23 AM, "Deirdre Kirmis" <Deirdre.Kirmis at> wrote:

> So just noticed that my metadata file (sent to IDP) shows all of the 
> “Location” items for my server as http:// instead of https://. I 
> generated the file using the URL

It is always, without exception, a mistake to ever give metadata to anybody else that you do not personally prepare and vet, which is why the comment in the file exists.

> And sent that file to my IDP. Any ideas why it would show http:// instead of https:// if I am using ELB listener with AWS > certs?

Because the Apache server has not been configured to know what its virtual ServerName (scheme in this case) is supposed to be, and is reporting requests to itself as http and not https.

-- Scott

For Consortium Member technical support, see
To unsubscribe from this list send an email to users-unsubscribe at

More information about the users mailing list