ECP + Duo + Docker Enterprise = timeouts
Brent Putman
putmanb at georgetown.edu
Wed Sep 11 18:04:19 EDT 2019
On 9/11/19 1:42 PM, Cantor, Scott wrote:
> On 9/11/19, 1:37 PM, "users on behalf of Bickel, David" <users-bounces at shibboleth.net on behalf of jdbickel at iu.edu> wrote:
>
>> I did have to setup traffic to get InCommon metadata using proxyHost & proxyPort. I am not seeing a way to do
>> something similar for the Duo NonBrowser configuration. Am I missing something obvious in the documentation?
> https://wiki.shibboleth.net/confluence/display/IDP30/DuoAuthnConfiguration#DuoAuthnConfiguration-AdvancedHttpClientScenarios
>
> s/TLS example/applying proxy settings
>
> I have no idea what the wiring is to configure proxying outbound from the HttpClient code, but if it's possible that's the way.
Yep, the base HttpClient builder supports various proxy properties.
Those same properties are what gets used by the metadata providers via
the custom XML schema and parsers.
For custom HttpClient bean wiring, the full docs for the builder are
here, with all the possible properties:
http://shibboleth.net/cgi-bin/java-support.cgi/net.shibboleth.utilities.java.support.httpclient.HttpClientBuilder
Namely the proxy related ones are:
connectionProxyHost
connectionProxyPort
connectionProxyUsername
connectionProxyPassword
So you can set any of those on the
shibboleth.authn.Duo.NonBrowser.HttpClient bean in duo-authn-config.xml
as illustrated in the wiki, e.g
p:connectionProxyHost="myproxy.example.com". Full example:
|<||bean| |id||=||"shibboleth.authn.Duo.NonBrowser.HttpClient"|
| ||parent||=||"shibboleth.NonCachingHttpClient"|
| ||p:connectionProxyHost="myproxy.example.com"
p:connectionProxyPort="1234" />|
Only caveat is that we've never really tested HTTP proxy usage much.
But if it's working for your InCommon metadata provider, then I believe
it should work here, b/c it's exactly the same HttpClient code.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20190911/d3e5adb7/attachment.html>
More information about the users
mailing list