Client IP address check
cantor.2 at osu.edu
Mon Dec 14 14:16:15 UTC 2020
On 12/12/20, 6:42 PM, "users on behalf of IAM David Bantz" <users-bounces at shibboleth.net on behalf of dabantz at alaska.edu> wrote:
> What would trigger a Shibboleth SP to request validation or re-authentication for some users (but not others)?
The same sorts of things, networks, clients, millions of other details. You can't know why an SP does anything unless you run it or have its logs.
> How is the IdP getting the load balancer IP address as “client address”? - Does the SP request include what it thinks is
> the client IP address, or is the IdP not getting the correct x-Forwarded-For header on this request, even though it did so on
> the initial request that established the SSO session?
The latter. You have a broken LB.