<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
  </head>
  <body text="#000000" bgcolor="#FFFFFF">
    <p><br>
    </p>
    <div class="moz-cite-prefix">On 9/11/19 1:42 PM, Cantor, Scott
      wrote:<br>
    </div>
    <blockquote type="cite"
      cite="mid:F78A2D28-C81E-4603-AE9C-350A4BC8A6DF@osu.edu">
      <pre class="moz-quote-pre" wrap="">On 9/11/19, 1:37 PM, "users on behalf of Bickel, David" <a class="moz-txt-link-rfc2396E" href="mailto:users-bounces@shibboleth.netonbehalfofjdbickel@iu.edu"><users-bounces@shibboleth.net on behalf of jdbickel@iu.edu></a> wrote:

</pre>
      <blockquote type="cite">
        <pre class="moz-quote-pre" wrap=""> I did have to setup traffic to get InCommon metadata using proxyHost & proxyPort.  I am not seeing a way to do
something similar for the Duo NonBrowser configuration.  Am I missing something obvious in the documentation?
</pre>
      </blockquote>
      <pre class="moz-quote-pre" wrap="">
<a class="moz-txt-link-freetext" href="https://wiki.shibboleth.net/confluence/display/IDP30/DuoAuthnConfiguration#DuoAuthnConfiguration-AdvancedHttpClientScenarios">https://wiki.shibboleth.net/confluence/display/IDP30/DuoAuthnConfiguration#DuoAuthnConfiguration-AdvancedHttpClientScenarios</a>

s/TLS example/applying proxy settings

I have no idea what the wiring is to configure proxying outbound from the HttpClient code, but if it's possible that's the way.</pre>
    </blockquote>
    <p><br>
    </p>
    <p>Yep, the base HttpClient builder supports various proxy
      properties. Those same properties are what gets used by the
      metadata providers via the custom XML schema and parsers.</p>
    <p>For custom HttpClient bean wiring, the full docs for the builder
      are here, with all the possible properties:<br>
    </p>
    <p><a class="moz-txt-link-freetext" href="http://shibboleth.net/cgi-bin/java-support.cgi/net.shibboleth.utilities.java.support.httpclient.HttpClientBuilder">http://shibboleth.net/cgi-bin/java-support.cgi/net.shibboleth.utilities.java.support.httpclient.HttpClientBuilder</a></p>
    <p>Namely the proxy related ones are:</p>
    <p>connectionProxyHost<br>
      connectionProxyPort<br>
      connectionProxyUsername<br>
      connectionProxyPassword</p>
    <p>So you can set any of those on the
      shibboleth.authn.Duo.NonBrowser.HttpClient bean in
      duo-authn-config.xml as illustrated in the wiki, e.g 
      p:connectionProxyHost="myproxy.example.com". Full example:</p>
    <div class="line number29 index28 alt2"><code class="xml plain"><</code><code
        class="xml keyword">bean</code> <code class="xml color1">id</code><code
        class="xml plain">=</code><code class="xml string">"shibboleth.authn.Duo.NonBrowser.HttpClient"</code></div>
    <div class="line number30 index29 alt1"><code class="xml spaces">        </code><code
        class="xml color1">parent</code><code class="xml plain">=</code><code
        class="xml string">"shibboleth.NonCachingHttpClient"</code></div>
    <div class="line number31 index30 alt2"><code class="xml spaces">       
      </code><code class="xml plain">p:connectionProxyHost="myproxy.example.com"
        p:connectionProxyPort="1234" /></code></div>
    <p><br>
    </p>
    <p>Only caveat is that we've never really tested HTTP proxy usage
      much.  But if it's working for your InCommon metadata provider,
      then I believe it should work here, b/c it's exactly the same
      HttpClient code.<br>
    </p>
    <br>
  </body>
</html>