SAML message intended destination endpoint did not match the recipient endpoin
gus.duarte at gmail.com
Wed Mar 11 11:53:15 EDT 2020
Thanks Matthew for you response but, as Peter said I'm using Jetty, not
Peter, you are right I should use Ubuntu 18 but I didn't know the 4.0
shibboleth is already released, good news.
I'm going to try remove Apache and let Jetty working alone.
El mié., 11 mar. 2020 a las 12:46, Peter Schober (<
peter.schober at univie.ac.at>) escribió:
> * Matthew Slowe <Matthew.Slowe at jisc.ac.uk> [2020-03-11 16:38]:
> > As luck would have it, I ran into the same problem this morning. For
> > me, this was due to Tomcat not understanding that the real HTTP
> > traffic (being terminated by Apache httpd) was done over https.
> > My fix was to amend the <Connector> block and add a “Valve” to the
> > Tomcat server.xml’s <Engine> block:
> Only that the OP is using Jetty, not Tomcat.
> > <Valve className="org.apache.catalina.valves.RemoteIpValve"
> > internalProxies=“10.1.2.0/16"
> > remoteIpHeader="x-forwarded-for"
> > remoteIpProxiesHeader="x-forwarded-by"
> > protocolHeader="x-forwarded-proto"
> > />
> > Connector might now look like:
> > <Connector address=“..." port=“8080" protocol="HTTP/1.1" proxyPort="443"
> scheme="https" secure="true" />
> For httpd+Tomcat you shouldn't be HTTP proxying at all, IMO, but use
> AJP between them. Then all that's needed is virtualising the scheme
> and proxyPort (as shown above), if even that's still needed.
> Or drop Apache httpd completely and only use Tomcat, really.
> That last suggestion (drop Apache httpd and use the servlet container
> as TLS-enabled webserver, too) would also apply to the OP and Jetty,
> of course.
> Personally I wouldn't set up a new system on Ubuntu 16 LTS (when 18
> LTS exists), I wouldn't use httpd anymore and I wouldn't be installing
> IDPv3 when IDPv4 was released *today*.
> For Consortium Member technical support, see
> To unsubscribe from this list send an email to
> users-unsubscribe at shibboleth.net
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the users