Help configure Shibd in a proxy
-
Hi.
I’m trying to add shibbolth authentication to a service but I’m having some issues.
I will try to explain my problem.
I have a machine where wordpress is and I will call it as WPSERVER
The machine is under a proxy server and it will be PXSERVERThe WPSERVER RESPONDS AS PXSERVER i.e when someone types PXSERVER/ABC the machine that handles the request is indeed WPSERVER/ABC but as HOME and SITEURL are defined as PXSERVER it will respond as PXSERVER/ABC.
We are trying to add a shibboleth authentication and have configured our shibboleth2.xml accordingly but we’re having some problems, specially the entityID mapped is different form the Bindings in the SP Metadata.
Examples: entityID is PXSERVER/sp/shibboleth
<init:RequestInitiator xmlns:init=”urn:oasis:names:tc:SAML:profiles:SSO:request-init” Binding=”urn:oasis:names:tc:SAML:profiles:SSO:request-init” Location=”https://WPSERVER/sp/Shibboleth.sso/Login”/>
</md:Extensions>or
Binding=”urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST” Location=”https://WPSERVER/sp/Shibboleth.sso/SAML2/POST”Can someone give some help as I don’t know what we are doing wrong?
Note: I tried a differen RequestMapper and an ApplicationOverride with no effect.
If I remove the proxy and define HOME and SITEURL AS WPSERVER works as it should but that is not what we want.Thanks in advance.
-
The WPSERVER should be configured to think that it’s the PXSERVER.
In the WPSERVER configuration (assuming httpd), you’ll probably want something like:
ServerName PXSERVER
UseCanonicalName OnAnd none of the Shibboleth configuration in /etc/shibboleth/ should reference WPSERVER
For now, I’m marking this as resolved, but please let us know if that doesn’t work.
- You must be logged in to reply to this topic.
