<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.MsoPlainText, li.MsoPlainText, div.MsoPlainText
{mso-style-priority:99;
mso-style-link:"Plain Text Char";
margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
pre
{mso-style-priority:99;
mso-style-link:"HTML Preformatted Char";
margin:0in;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";}
p.msonormal0, li.msonormal0, div.msonormal0
{mso-style-name:msonormal;
margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
span.HTMLPreformattedChar
{mso-style-name:"HTML Preformatted Char";
mso-style-priority:99;
mso-style-link:"HTML Preformatted";
font-family:Consolas;}
p.xxmsonormal, li.xxmsonormal, div.xxmsonormal
{mso-style-name:x_x_msonormal;
margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
span.EmailStyle24
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:windowtext;}
span.PlainTextChar
{mso-style-name:"Plain Text Char";
mso-style-priority:99;
mso-style-link:"Plain Text";
font-family:"Calibri",sans-serif;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal">I put a ticket into AWS regarding this issue, and they looked at .har files that I generated from sessions created both with the ELB in place and without. This is their diagnosis for the issue that I’m having with the ELB and not returning
back and logging the user in: <o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoPlainText">“It looks like the idp endpoint (shiboleth) is dropping the session when both the ALB cookie and application cookie is returned by ALB as its only expecting application cookie and hence not identifying a current session. Please note,
ALB does not modify any headers when sending requests to the backends hence you might need to confirm with the idp provider at the moment to confirm if they might be dropping the session.”<o:p></o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText">This is consistent with what I’m seeing in the logs. Does anyone know if this can be fixed at the SP (settings) or can the IDP make a change on their side?<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal">Deirdre Kirmis<o:p></o:p></p>
<p class="MsoNormal">Technology Services<o:p></o:p></p>
<p class="MsoNormal">Arizona State University Library<o:p></o:p></p>
<p class="MsoNormal">480-965-7240<o:p></o:p></p>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b>From:</b> users <users-bounces@shibboleth.net> <b>On Behalf Of
</b>Deirdre Kirmis<br>
<b>Sent:</b> Sunday, December 15, 2019 11:58 AM<br>
<b>To:</b> Shib Users <users@shibboleth.net><br>
<b>Subject:</b> Re: configuring shibboleth on AWS using ELB<o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">I am still struggling with this and trying to get it working. Shibboleth works perfectly on my server until I put it behind an AWS load balancer. Posting my configs, and wondering if anyone sees
anything that could be causing an issue? I appreciate any suggestions. I am using an application load balancer in AWS and have an https listener configured with a wildcard SSL cert from ACM. I also have a "Let's Encrypt" cert configured locally on the EC2.<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">These are the default configs that came from the vendor, and I used them exactly as is and changed to our server name and environment:
<o:p></o:p></span></p>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">----------------------------------------<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><b><span style="font-size:12.0pt;color:black">ssl.conf:</span></b><span style="font-size:12.0pt;color:black"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"><o:p> </o:p></span></p>
</div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">Listen 443 https<o:p></o:p></span></p>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">SSLPassPhraseDialog exec:/usr/libexec/httpd-ssl-pass-dialog<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">SSLSessionCache shmcb:/run/httpd/sslcache(512000)<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">SSLSessionCacheTimeout 300<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">SSLRandomSeed startup file:/dev/urandom 256<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">SSLRandomSeed connect builtin<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">SSLCryptoDevice builtin<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"><VirtualHost _default_:443><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"> ServerName {{ servername }}:443<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"> ErrorLog logs/ssl_error_log<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"> TransferLog logs/ssl_access_log<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"> LogLevel warn<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"> SSLEngine on<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"> SSLProtocol all -SSLv2<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"> SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"> SSLCertificateFile /etc/pki/tls/certs/{{ apache_ssl_cert }}<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"> SSLCertificateKeyFile /etc/pki/tls/private/{{ apache_ssl_key }}<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"> SSLCertificateChainFile /etc/pki/tls/certs/{{ apache_ssl_interm }}<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"> <Files ~ "\.(cgi|shtml|phtml|php3?)$"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"> SSLOptions +StdEnvVars<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"> </Files><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"> <Directory "/var/www/cgi-bin"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"> SSLOptions +StdEnvVars<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"> </Directory><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"> CustomLog logs/ssl_request_log \<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"> "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"> # custom error document when Glassfish isn't responding<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"> ErrorDocument 503 /503.html<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"> ProxyPassMatch ^/503.html$ !<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"> # don't pass paths used by rApache and TwoRavens to Glassfish<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"> ProxyPassMatch ^/RApacheInfo$ !<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"> ProxyPassMatch ^/custom !<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"> ProxyPassMatch ^/dataexplore !<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"> # don't pass paths used by Shibboleth to Glassfish<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"> ProxyPassMatch ^/Shibboleth.sso !<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"> ProxyPassMatch ^/shibboleth-ds !<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"> # allow munin<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"> ProxyPassMatch ^/munin !<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"> # pass everything else to Glassfish<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"> ProxyPass / ajp://localhost:8009/<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"> <Location /shib.xhtml><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"> AuthType shibboleth<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"> ShibRequestSetting requireSession 1<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"> require valid-user<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"> </Location><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"> <o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"> ServerAlias dataverse-dev.lib.asu.edu<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"> SSLCertificateFile {{ cert file }}<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"> SSLCertificateKeyFile {{ key file }}<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"> Include /etc/letsencrypt/options-ssl-apache.conf<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"> SSLCertificateChainFile {{ chain file }}<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"><o:p> </o:p></span></p>
</div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"></VirtualHost>
<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">-----------------------<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><b><span style="font-size:12.0pt;color:black">http.proxy.conf:</span></b><span style="font-size:12.0pt;color:black"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"><VirtualHost *:80><o:p></o:p></span></p>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"> ServerName {{ servername }}<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"> <Location "/prometheus"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"> ProxyPass "<a href="http://localhost:9090/prometheus">http://localhost:9090/prometheus</a>"<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"> ProxyPassReverse "<a href="http://localhost:9090/prometheus">http://localhost:9090/prometheus</a>"<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"> </Location><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"> <Location "/grafana"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"> ProxyPass "<a href="http://localhost:3000">http://localhost:3000</a>"<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"> ProxyPassReverse "<a href="http://localhost:3000">http://localhost:3000</a>"<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"> </Location><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"> # custom error document when Glassfish isn't responding<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"> ErrorDocument 503 /503.html<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"> ProxyPassMatch ^/503.html$ !<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"> # don't pass paths used by rApache and TwoRavens to Glassfish<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"> ProxyPassMatch ^/RApacheInfo$ !<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"> ProxyPassMatch ^/custom !<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"> ProxyPassMatch ^/dataexplore !<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"> # don't pass paths used by Shibboleth to Glassfish<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"> ProxyPassMatch ^/Shibboleth.sso !<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"> ProxyPassMatch ^/shibboleth-ds !<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"> # allow munin, if present<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"> ProxyPassMatch ^/munin !<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"> # pass everything else to Glassfish<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"> ProxyPass / ajp://localhost:8009/<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"><o:p> </o:p></span></p>
</div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"></VirtualHost><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">----------------<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><b><span style="font-size:12.0pt;color:black">shibboleth.xml:
</span></b><span style="font-size:12.0pt;color:black"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"><!--<o:p></o:p></span></p>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">This is an example shibboleth2.xml generated originally by
<a href="http://testshib.org">http://testshib.org</a><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">and tweaked for Dataverse. See also:<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">- attribute-map.xml<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">- dataverse-idp-metadata.xml<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"><a href="https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPConfiguration">https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPConfiguration</a><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">--><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"><SPConfig xmlns="urn:mace:shibboleth:3.0:native:sp:config" xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"> xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"> clockSkew="1800"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"> <!-- FIXME: change the entityID to your hostname. --><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"> <ApplicationDefaults entityID="<a href="https://dataverse.example.edu/sp">https://dataverse.example.edu/sp</a>"<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"> REMOTE_USER="eppn" attributePrefix="AJP_"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"> <!-- You should use secure cookies if at all possible. See cookieProps in this Wiki article. --><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"> <!-- <a href="https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPSessions">
https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPSessions</a> --><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"> <Sessions lifetime="28800" timeout="3600" checkAddress="false" relayState="ss:mem" handlerSSL="false"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"> <SSO><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"> SAML2 SAML1<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"> </SSO><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"> <!-- SAML and local-only logout. --><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"> <!-- <a href="https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPServiceLogout">
https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPServiceLogout</a> --><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"> <Logout>SAML2 Local</Logout><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"> <!--<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"> Handlers allow you to interact with the SP and gather more information. Try them out!<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"> Attribute values received by the SP through SAML will be visible at:<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"> <a href="http://dataverse.example.edu/Shibboleth.sso/Session">
http://dataverse.example.edu/Shibboleth.sso/Session</a><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"> --><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"> <!-- Extension service that generates "approximate" metadata based on SP configuration. --><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"> <Handler type="MetadataGenerator" Location="/Metadata" signing="false"/><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"> <!-- Status reporting service. --><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"> <Handler type="Status" Location="/Status" acl="127.0.0.1"/><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"> <!-- Session diagnostic service. --><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"> <!-- showAttributeValues must be set to true to see attributes at /Shibboleth.sso/Session . --><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"> <Handler type="Session" Location="/Session" showAttributeValues="true"/><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"> <!-- JSON feed of discovery information. --><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"> <Handler type="DiscoveryFeed" Location="/DiscoFeed"/><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"> </Sessions><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"> <!-- Error pages to display to yourself if something goes horribly wrong. --><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"> <Errors supportContact="root@localhost" logoLocation="/shibboleth-sp/logo.jpg"<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"> styleSheet="/shibboleth-sp/main.css"/><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"> <!-- Loads and trusts a metadata file that describes only the Testshib IdP and how to communicate with it. --><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"> <!-- IdPs we want allow go in /etc/shibboleth/dataverse-idp-metadata.xml --><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"> <MetadataProvider type="XML" path="dataverse-idp-metadata.xml" backingFilePath="local-idp-metadata.xml" legacyOrgNames="true" reloadInterval="7200"/><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"> <!-- Uncomment to enable all the Research & Scholarship IdPs from InCommon --><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"> <!--<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"> <MetadataProvider type="XML" url="<a href="http://md.incommon.org/InCommon/InCommon-metadata.xml">http://md.incommon.org/InCommon/InCommon-metadata.xml</a>" backingFilePath="InCommon-metadata.xml"
maxRefreshDelay="3600"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"> <DiscoveryFilter type="Whitelist" matcher="EntityAttributes"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"> <saml:Attribute<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"> Name="<a href="http://macedir.org/entity-category-support">http://macedir.org/entity-category-support</a>"<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"> NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"> <saml:AttributeValue><a href="http://id.incommon.org/category/research-and-scholarship%3c/saml:AttributeValue">http://id.incommon.org/category/research-and-scholarship</saml:AttributeValue</a>><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"> </saml:Attribute><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"> <saml:Attribute<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"> Name="<a href="http://macedir.org/entity-category-support">http://macedir.org/entity-category-support</a>"<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"> NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"> <saml:AttributeValue><a href="http://refeds.org/category/research-and-scholarship%3c/saml:AttributeValue">http://refeds.org/category/research-and-scholarship</saml:AttributeValue</a>><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"> </saml:Attribute><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"> </DiscoveryFilter><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"> </MetadataProvider><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"> --><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"> <!-- Attribute and trust options you shouldn't need to change. --><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"> <AttributeExtractor type="XML" validate="true" path="attribute-map.xml"/><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"> <AttributeResolver type="Query" subjectMatch="true"/><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"> <AttributeFilter type="XML" validate="true" path="attribute-policy.xml"/><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"> <!-- Your SP generated these credentials. They're used to talk to IdP's. --><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"> <CredentialResolver type="File" key="sp-key.pem" certificate="sp-cert.pem"/><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"> </ApplicationDefaults><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"> <!-- Security policies you shouldn't change unless you know what you're doing. --><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"> <SecurityPolicyProvider type="XML" validate="true" path="security-policy.xml"/><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"> <!-- Low-level configuration about protocols and bindings available for use. --><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"> <ProtocolProvider type="XML" validate="true" reloadChanges="false" path="protocols.xml"/><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"></SPConfig><o:p></o:p></span></p>
</div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">---------------------------<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">I don't see any strange errors in the logs, other than this:<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><b><span style="font-size:12.0pt;color:black">shibd_warn.log:</span></b><span style="font-size:12.0pt;color:black"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"><o:p> </o:p></span></p>
</div>
<div>
<pre><span style="font-family:"Calibri",sans-serif;color:black">2019-12-11 16:28:25 WARN Shibboleth.Application : empty/missing cookieProps setting, set to "https" for SSL/TLS-only usage<o:p></o:p></span></pre>
<pre><span style="font-family:"Calibri",sans-serif;color:black"><o:p> </o:p></span></pre>
<pre><span style="font-family:"Calibri",sans-serif;color:black">2019-12-11 16:28:25 WARN Shibboleth.Application : handlerSSL should be enabled for SSL/TLS-enabled web sites</span><span style="color:black"><br><br></span><b><span style="font-family:"Calibri",sans-serif;color:black">glassfish.log:</span></b><span style="color:black"><o:p></o:p></span></pre>
<pre><span style="font-family:"Calibri",sans-serif;color:black">The SAML assertion for "Shib-Identity-Provider" was null. Please contact support.|#]</span><span style="color:black"><o:p></o:p></span></pre>
<pre><span style="color:black">-------------------<o:p></o:p></span></pre>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">I would appreciate any feedback that anyone can give me. Does anyone see anything in these that might cause shib to not work with AWS load balancer?
<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"> <o:p>
</o:p></span></p>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div id="Signature">
<div id="divtagdefaultwrapper">
<div>
<div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Tahoma",sans-serif;color:black">Deirdre Kirmis
<o:p></o:p></span></p>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Tahoma",sans-serif;color:black">Web Application Developer<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Tahoma",sans-serif;color:#222222;background:white">Discovery Services</span><span style="font-size:10.0pt;font-family:"Tahoma",sans-serif;color:black"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Tahoma",sans-serif;color:#222222;background:white">ASU </span><span style="font-size:10.0pt;font-family:"Tahoma",sans-serif;color:black">Library<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Tahoma",sans-serif;color:black">Arizona State University <o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Tahoma",sans-serif;color:black">480-965-7240<o:p></o:p></span></p>
</div>
</div>
</div>
</div>
</div>
</div>
<div class="MsoNormal" align="center" style="text-align:center">
<hr size="2" width="98%" align="center">
</div>
<div id="divRplyFwdMsg">
<p class="MsoNormal"><b><span style="color:black">From:</span></b><span style="color:black"> Deirdre Kirmis <<a href="mailto:Deirdre.Kirmis@asu.edu">Deirdre.Kirmis@asu.edu</a>><br>
<b>Sent:</b> Tuesday, December 3, 2019 12:34 AM<br>
<b>To:</b> Shib Users <<a href="mailto:users@shibboleth.net">users@shibboleth.net</a>><br>
<b>Subject:</b> Re: configuring shibboleth on AWS using ELB</span> <o:p></o:p></p>
<div>
<p class="MsoNormal"> <o:p></o:p></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">Hi all...I'm still struggling with shibboleth not working on my system. Now, I'm just trying to use the samltest site that Nate sent...have uploaded my metadata to samltest, and have copied the
samltest metadata to my site. Samltest shows as a provider on my site...when I login using that, it goes through the process...lets me pick rick, then takes me back to my site, but does not log in rick or create his account. If I look at the session data,
it shows all of the attributes correctly...however in my server log I get an error that the attributes are null. When I try to "fetch" my site metadata, it just spins and never comes back as uploaded. When I manually upload the file, it acts like it was successful,
but when I try the test it says my site is not registered. What am I doing wrong?<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"><o:p> </o:p></span></p>
</div>
<div id="x_Signature">
<div id="x_divtagdefaultwrapper">
<div>
<div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Tahoma",sans-serif;color:black">Deirdre Kirmis
<o:p></o:p></span></p>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Tahoma",sans-serif;color:black">Web Application Developer<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Tahoma",sans-serif;color:#222222;background:white">Discovery Services</span><span style="font-size:10.0pt;font-family:"Tahoma",sans-serif;color:black"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Tahoma",sans-serif;color:#222222;background:white">ASU </span><span style="font-size:10.0pt;font-family:"Tahoma",sans-serif;color:black">Library<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Tahoma",sans-serif;color:black">Arizona State University <o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Tahoma",sans-serif;color:black">480-965-7240<o:p></o:p></span></p>
</div>
</div>
</div>
</div>
</div>
</div>
<div class="MsoNormal" align="center" style="text-align:center">
<hr size="2" width="98%" align="center">
</div>
<div id="x_divRplyFwdMsg">
<p class="MsoNormal"><b><span style="color:black">From:</span></b><span style="color:black"> users <<a href="mailto:users-bounces@shibboleth.net">users-bounces@shibboleth.net</a>> on behalf of Deirdre Kirmis <<a href="mailto:Deirdre.Kirmis@asu.edu">Deirdre.Kirmis@asu.edu</a>><br>
<b>Sent:</b> Wednesday, November 27, 2019 4:30 PM<br>
<b>To:</b> Shib Users <<a href="mailto:users@shibboleth.net">users@shibboleth.net</a>><br>
<b>Subject:</b> RE: configuring shibboleth on AWS using ELB</span> <o:p></o:p></p>
<div>
<p class="MsoNormal"> <o:p></o:p></p>
</div>
</div>
<div>
<div>
<p class="xxmsonormal">That is great! Thank you…it already told me that I’m missing the metadata for identity provider!<o:p></o:p></p>
<p class="xxmsonormal"> <o:p></o:p></p>
<div>
<p class="xxmsonormal">Deirdre Kirmis<o:p></o:p></p>
<p class="xxmsonormal">Technology Services<o:p></o:p></p>
<p class="xxmsonormal">Arizona State University Library<o:p></o:p></p>
<p class="xxmsonormal">480-965-7240<o:p></o:p></p>
</div>
<p class="xxmsonormal"> <o:p></o:p></p>
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="xxmsonormal"><b>From:</b> users <<a href="mailto:users-bounces@shibboleth.net">users-bounces@shibboleth.net</a>>
<b>On Behalf Of </b>Nate Klingenstein<br>
<b>Sent:</b> Wednesday, November 27, 2019 4:26 PM<br>
<b>To:</b> Shib Users <<a href="mailto:users@shibboleth.net">users@shibboleth.net</a>><br>
<b>Subject:</b> RE: configuring shibboleth on AWS using ELB<o:p></o:p></p>
</div>
</div>
<p class="xxmsonormal"> <o:p></o:p></p>
<p><span style="font-size:12.0pt;font-family:"Arial",sans-serif">Deirdre,</span><o:p></o:p></p>
<p><span style="font-size:12.0pt;font-family:"Arial",sans-serif"> </span><o:p></o:p></p>
<p><span style="font-size:12.0pt;font-family:"Arial",sans-serif">You may find <a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__samltest.id_&d=DwMFaQ&c=l45AxH-kUV29SRQusp9vYR0n1GycN4_2jInuKy6zbqQ&r=X1YAM2yWs1HIcWRXyPCSUtCKxhQO748y834uz5ZFnTY&m=-p3_HucMP6fgoiaOsqwQOGvonEwN8AdOsl8FKuiYMeE&s=WLLruzqa9leUxPFfkRtb0oUfHYVehAPdDs_2-golteE&e=">
https://samltest.id/</a> to be a useful resource. It's basically a fully configured SP that will let you see its logs so you can know exactly what's going on, end to end.</span><o:p></o:p></p>
<p><span style="font-size:12.0pt;font-family:"Arial",sans-serif"> </span><o:p></o:p></p>
<p><span style="font-size:12.0pt;font-family:"Arial",sans-serif">Best wishes,</span><o:p></o:p></p>
<p><span style="font-size:12.0pt;font-family:"Arial",sans-serif">Nate.</span><o:p></o:p></p>
<p><span style="font-size:12.0pt;font-family:"Arial",sans-serif"> </span><o:p></o:p></p>
<p><span style="font-size:12.0pt;font-family:"Arial",sans-serif">--------</span><o:p></o:p></p>
<p><span style="font-size:12.0pt;font-family:"Arial",sans-serif"> </span><o:p></o:p></p>
<p><span style="font-size:12.0pt;font-family:"Arial",sans-serif;border:solid windowtext 1.0pt;padding:0in"><img border="0" width="100" height="100" style="width:1.0416in;height:1.0416in" id="x_x__x005f_x0000_i1025" src="cid:image001.jpg@01D5B4B1.826277C0" alt="Image removed by sender."></span><o:p></o:p></p>
<p><span style="font-size:13.5pt;font-family:"Arial",sans-serif">The Art of Access</span><span style="font-size:12.0pt;font-family:"Arial",sans-serif">
<strong><span style="font-family:"Arial",sans-serif">®</span></strong></span><o:p></o:p></p>
<p><span style="font-size:12.0pt;font-family:"Arial",sans-serif"> </span><o:p></o:p></p>
<p><strong><span style="font-size:10.0pt;font-family:"Arial",sans-serif">Nate Klingenstein</span></strong><span style="font-size:10.0pt;font-family:"Arial",sans-serif"> | Principal</span><o:p></o:p></p>
<p><span style="font-size:10.0pt;font-family:"Arial",sans-serif"><a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__www.signet.id_&d=DwMFaQ&c=l45AxH-kUV29SRQusp9vYR0n1GycN4_2jInuKy6zbqQ&r=X1YAM2yWs1HIcWRXyPCSUtCKxhQO748y834uz5ZFnTY&m=-p3_HucMP6fgoiaOsqwQOGvonEwN8AdOsl8FKuiYMeE&s=TGTv1t1GponuoVksgNyxYaNUwB0-U-468uHc-FilIgw&e=">https://www.signet.id/</a>
</span><o:p></o:p></p>
<p><span style="font-size:12.0pt;font-family:"Arial",sans-serif"> </span><o:p></o:p></p>
<blockquote style="border:none;border-left:solid #B0B0B7 1.5pt;padding:0in 0in 0in 4.0pt;margin-left:3.75pt;margin-top:5.0pt;margin-right:0in;margin-bottom:5.0pt">
<p class="xxmsonormal">-----Original message-----<br>
<strong><span style="font-family:"Calibri",sans-serif">From:</span></strong> Deirdre Kirmis<br>
<strong><span style="font-family:"Calibri",sans-serif">Sent:</span></strong> Wednesday, November 27 2019, 12:14 pm<br>
<strong><span style="font-family:"Calibri",sans-serif">To:</span></strong> Shib Users<br>
<strong><span style="font-family:"Calibri",sans-serif">Subject:</span></strong> RE: configuring shibboleth on AWS using ELB<br>
<o:p></o:p></p>
<pre><span style="font-family:Consolas">Eventually, we will want to set up as a federation SP, but this is just dev at this point, so we are only configuring our org IDP. <o:p></o:p></span></pre>
<pre><span style="font-family:Consolas">I did find the documentation on creating the metadata schema/rules, so thanks for that direction. <o:p></o:p></span></pre>
<pre><span style="font-family:Consolas"> <o:p></o:p></span></pre>
<pre><span style="font-family:Consolas">Deirdre Kirmis<o:p></o:p></span></pre>
<pre><span style="font-family:Consolas">Technology Services<o:p></o:p></span></pre>
<pre><span style="font-family:Consolas">Arizona State University Library<o:p></o:p></span></pre>
<pre><span style="font-family:Consolas">480-965-7240<o:p></o:p></span></pre>
<pre><span style="font-family:Consolas"> <o:p></o:p></span></pre>
<pre><span style="font-family:Consolas">-----Original Message-----<o:p></o:p></span></pre>
<pre><span style="font-family:Consolas">From: users <<a href="mailto:users-bounces@shibboleth.net">users-bounces@shibboleth.net</a>> On Behalf Of Cantor, Scott<o:p></o:p></span></pre>
<pre><span style="font-family:Consolas">Sent: Wednesday, November 27, 2019 10:39 AM<o:p></o:p></span></pre>
<pre><span style="font-family:Consolas">To: Shib Users <<a href="mailto:users@shibboleth.net">users@shibboleth.net</a>><o:p></o:p></span></pre>
<pre><span style="font-family:Consolas">Subject: Re: configuring shibboleth on AWS using ELB<o:p></o:p></span></pre>
<pre><span style="font-family:Consolas"> <o:p></o:p></span></pre>
<pre><span style="font-family:Consolas">On 11/27/19, 12:23 PM, "users on behalf of Deirdre Kirmis" <<a href="mailto:users-bounces@shibboleth.net">users-bounces@shibboleth.net</a> on behalf of <a href="mailto:Deirdre.Kirmis@asu.edu">Deirdre.Kirmis@asu.edu</a>> wrote:<o:p></o:p></span></pre>
<pre><span style="font-family:Consolas"> <o:p></o:p></span></pre>
<pre><span style="font-family:Consolas">> How do I prepare the metadata myself?<o:p></o:p></span></pre>
<pre><span style="font-family:Consolas"> <o:p></o:p></span></pre>
<pre><span style="font-family:Consolas">It's an XML file with a very defined schema and set of rules for what's in it, but that's probably obvious so the intent of the question is not 100% clear.<o:p></o:p></span></pre>
<pre><span style="font-family:Consolas"> <o:p></o:p></span></pre>
<pre><span style="font-family:Consolas">Speaking in general terms, a federated SP (that is, one dealing with many IdPs of different organizations) really needs to be in a federation, and federations provide metadata management systems generally, though not always.<o:p></o:p></span></pre>
<pre><span style="font-family:Consolas"> <o:p></o:p></span></pre>
<pre><span style="font-family:Consolas">An enterprise SP is dealing with a single IdP and the IdP operator should be providing processes to follow. For myself, I don't ask SPs to give me metadata as a rule, I just expect them to inform me of the keys and hosts through a registration process, then I assign them entityID(s) to use, and I have processes to follow when changes are needed.<o:p></o:p></span></pre>
<pre><span style="font-family:Consolas"> <o:p></o:p></span></pre>
<pre><span style="font-family:Consolas">-- Scott<o:p></o:p></span></pre>
<pre><span style="font-family:Consolas"> <o:p></o:p></span></pre>
<pre><span style="font-family:Consolas"> <o:p></o:p></span></pre>
<pre><span style="font-family:Consolas">-- <o:p></o:p></span></pre>
<pre><span style="font-family:Consolas">For Consortium Member technical support, see <a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__wiki.shibboleth.net_confluence_x_coFAAg&d=DwICAg&c=l45AxH-kUV29SRQusp9vYR0n1GycN4_2jInuKy6zbqQ&r=X1YAM2yWs1HIcWRXyPCSUtCKxhQO748y834uz5ZFnTY&m=vG7jnjpCDSN0QFq4AMsIaEJhlm75brYoTFKZaSTj9Dg&s=nmaRAJ-HfEKwZBp3UslR_FH2lQ7avk7fjdY0-PNAGIA&e">https://urldefense.proofpoint.com/v2/url?u=https-3A__wiki.shibboleth.net_confluence_x_coFAAg&d=DwICAg&c=l45AxH-kUV29SRQusp9vYR0n1GycN4_2jInuKy6zbqQ&r=X1YAM2yWs1HIcWRXyPCSUtCKxhQO748y834uz5ZFnTY&m=vG7jnjpCDSN0QFq4AMsIaEJhlm75brYoTFKZaSTj9Dg&s=nmaRAJ-HfEKwZBp3UslR_FH2lQ7avk7fjdY0-PNAGIA&e</a>= <o:p></o:p></span></pre>
<pre><span style="font-family:Consolas">To unsubscribe from this list send an email to <a href="mailto:users-unsubscribe@shibboleth.net">users-unsubscribe@shibboleth.net</a><o:p></o:p></span></pre>
<pre><span style="font-family:Consolas">-- <o:p></o:p></span></pre>
<pre><span style="font-family:Consolas">For Consortium Member technical support, see <a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__wiki.shibboleth.net_confluence_x_coFAAg&d=DwMFaQ&c=l45AxH-kUV29SRQusp9vYR0n1GycN4_2jInuKy6zbqQ&r=X1YAM2yWs1HIcWRXyPCSUtCKxhQO748y834uz5ZFnTY&m=-p3_HucMP6fgoiaOsqwQOGvonEwN8AdOsl8FKuiYMeE&s=k8dS6UKC2v800qaZG6IlByEGw4QGJlOB7ZLSlCG9I0c&e=">https://wiki.shibboleth.net/confluence/x/coFAAg</a><o:p></o:p></span></pre>
<pre><span style="font-family:Consolas">To unsubscribe from this list send an email to <a href="mailto:users-unsubscribe@shibboleth.net">users-unsubscribe@shibboleth.net</a><o:p></o:p></span></pre>
</blockquote>
</div>
</div>
</div>
</div>
</body>
</html>