Shibboleth 3 SP separated from Tomcat java web application in 2 different machines?

Bang Pham Huu pham at
Fri Jan 28 17:53:15 UTC 2022


I've a java web application running on Tomcat8 on machine A

and a machine B installed with Apache2 and Shibboleth 3 SP

which is configured to use as Shibboleth IdP.

What I want to achieve is:

- When I access https://machineA:8080/app

     -> it invokes a java code

     -> It redirects to Shibboleth IdP on

     -> However, after I logged in with the test user here, it stopped
on https://machineB but it doesn't redirect to https://machineA:8080/app?

     I wanted to have the subject-id attribute returned from in my web application.

- There is another way around, which is Apache2 on machine B works as
proxy protecting machine A

  with Tomcat8 as mentioned (Apache2 redirects to Tomcat8 via AJP 1.3)

  But it is not what I wanted.



More information about the users mailing list