<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p><br>
</p>
<div class="moz-cite-prefix">On 9/11/19 1:42 PM, Cantor, Scott
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:F78A2D28-C81E-4603-AE9C-350A4BC8A6DF@osu.edu">
<pre class="moz-quote-pre" wrap="">On 9/11/19, 1:37 PM, "users on behalf of Bickel, David" <a class="moz-txt-link-rfc2396E" href="mailto:users-bounces@shibboleth.netonbehalfofjdbickel@iu.edu">&lt;users-bounces@shibboleth.net on behalf of jdbickel@iu.edu&gt;</a> wrote:
</pre>
<blockquote type="cite">
<pre class="moz-quote-pre" wrap="">    I did have to set up traffic to get InCommon metadata using proxyHost &amp; proxyPort.  I am not seeing a way to do
    something similar for the Duo NonBrowser configuration.  Am I missing something obvious in the documentation?
</pre>
</blockquote>
<pre class="moz-quote-pre" wrap="">
<a class="moz-txt-link-freetext" href="https://wiki.shibboleth.net/confluence/display/IDP30/DuoAuthnConfiguration#DuoAuthnConfiguration-AdvancedHttpClientScenarios">https://wiki.shibboleth.net/confluence/display/IDP30/DuoAuthnConfiguration#DuoAuthnConfiguration-AdvancedHttpClientScenarios</a>
s/TLS example/applying proxy settings
I have no idea what the wiring is to configure proxying outbound from the HttpClient code, but if it's possible that's the way.</pre>
</blockquote>
<p><br>
</p>
<p>Yep, the base HttpClient builder supports various proxy
properties. Those same properties are what gets used by the
metadata providers via the custom XML schema and parsers.</p>
<p>For custom HttpClient bean wiring, the full docs for the builder
are here, with all the possible properties:<br>
</p>
<p><a class="moz-txt-link-freetext" href="http://shibboleth.net/cgi-bin/java-support.cgi/net.shibboleth.utilities.java.support.httpclient.HttpClientBuilder">http://shibboleth.net/cgi-bin/java-support.cgi/net.shibboleth.utilities.java.support.httpclient.HttpClientBuilder</a></p>
<p>Namely, the proxy-related ones are:</p>
<p>connectionProxyHost<br>
connectionProxyPort<br>
connectionProxyUsername<br>
connectionProxyPassword</p>
<p>So you can set any of those on the
shibboleth.authn.Duo.NonBrowser.HttpClient bean in
duo-authn-config.xml as illustrated in the wiki, e.g.
p:connectionProxyHost="myproxy.example.com". Full example:</p>
<pre>&lt;bean id="shibboleth.authn.Duo.NonBrowser.HttpClient"
      parent="shibboleth.NonCachingHttpClient"
      p:connectionProxyHost="myproxy.example.com"
      p:connectionProxyPort="1234" /&gt;</pre>
<p><br>
</p>
<p>Only caveat is that we've never really tested HTTP proxy usage
much. But if it's working for your InCommon metadata provider,
then I believe it should work here, b/c it's exactly the same
HttpClient code.<br>
</p>
<br>
</body>
</html>