shib session not accepted for vhosts with different IPs

[Sternath, Elmar]

Dear experts,

We installed two different Shibboleth installations on two different machines:

The first one serves one Apache instance with two vhosts, each of them with a different IP.

This setup works fine if the first vhost is activated and the second vhost is deactivated (commented out). However, when the second vhost is activated and the first vhost deactivated, the whole SAML traffic looks fine including the SAML response, shibsession and opensaml_req cookies, but when after successful authentication the protected resource is called, Shibboleth doesn't seem to accept the incoming session and redirects the user back to the IdP with a new SAML request, ending up in an endless loop.

The second one serves two separate Apache instances with one vhost each.

In this scenario Shibboleth works without any problems, no matter if the first or the second vhost or both vhosts (using ApplicationOverride) are activated.

Are there any known issues with two vhosts with two different IPs hosted on one Apache? If not, any other ideas what could be the reason for this behavior or at least how to further isolate the issue?

Thanks in advance for your advise and br,
Elmar
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20200807/48adbbc3/attachment.htm>