Shibboleth SP not working with CloudFront
Kannan, Satheesh (ELS-CON)
s.kannan.1 at elsevier.com
Wed Dec 22 06:41:32 UTC 2021
Hi good morning,
We have setup CloudFront in front of our application load balancer along with EC2 instance. Ec2 instance is the place where we hosted/ installed shibboleth SP software.
On, CloudFront level cookie caching was disabled and ALB level sticky sessions are enabled.
When we trying to authenticate with identity provider, we ended up seeing shibapache returns 500 status code along with shib configuration exception at shibboleth SP end.
Although, this exception has occurred intermittently, I see the first attempt of SP authenticate with idp was working expected and didn't see this exception. Subsequent or later, attempts of authenticate with identity provider ended up failing with shib configuration exception .In addition, we don't see this error when removing CloudFront.
I won't believe this was configuration exception, since it was working on few attempts with same idp.
Not sure, what is really causing problem here.
Error details given below
[mod_shib:error] None of the configured SessionInitiators handled the request.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the users