configuring shibboleth on AWS using ELB
Deirdre.Kirmis at asu.edu
Wed Nov 27 12:23:10 EST 2019
How do I prepare the metadata myself?
Thank you Scott and Michael...I added my servername to httpd.conf (I had configured with https in http.proxy.conf and in ssl.conf, but not in http.conf). I uncommented it and modified it in that file and now my metadata shows https. Still not sure if I have everything configured to make shibboleth work, though.
I did mention originally that I am just learning some of this ... still have a long way to go.
Arizona State University Library
From: users <users-bounces at shibboleth.net> On Behalf Of Cantor, Scott
Sent: Wednesday, November 27, 2019 9:53 AM
To: Shib Users <users at shibboleth.net>
Subject: Re: configuring shibboleth on AWS using ELB
On 11/27/19, 11:23 AM, "Deirdre Kirmis" <Deirdre.Kirmis at asu.edu> wrote:
> So just noticed that my metadata file (sent to IDP) shows all of the
> “Location” items for my server as http:// instead of https://. I
> generated the file using the URL
It is always, without exception, a mistake to ever give metadata to anybody else that you do not personally prepare and vet, which is why the comment in the file exists.
> And sent that file to my IDP. Any ideas why it would show http:// instead of https:// if I am using ELB listener with AWS > certs?
Because the Apache server has not been configured to know what its virtual ServerName (scheme in this case) is supposed to be, and is reporting requests to itself as http and not https.
For Consortium Member technical support, see https://urldefense.proofpoint.com/v2/url?u=https-3A__wiki.shibboleth.net_confluence_x_coFAAg&d=DwIGaQ&c=l45AxH-kUV29SRQusp9vYR0n1GycN4_2jInuKy6zbqQ&r=X1YAM2yWs1HIcWRXyPCSUtCKxhQO748y834uz5ZFnTY&m=IgAOjdWbGD2E0SroaRg1RtDRiiviX00HX2OdNKo_sAk&s=F5TXV6FlhyW-_cj3_4MiZx6cfyqeA4TK7pZFRG4eoRE&e=
To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net
More information about the users