Shibboleth - Service Provider protect resource on different server


I have two servers - Server A and Server B, each with their own public IP address.
Server A hosts my production web application:
http://client1.mydomain.com
http://client2.mydomain.com
http://client3.mydomain.com
Server B hosts my Shibboleth Service Provider instance:
http://sso.mydomain.com
I have successfully configured Shibboleth to protect a resource on Server B, but I'm wondering, is it possible to have it protect resources on Server A? (i.e., have the Shibboleth service step in front of any requests going to client2.mydomain.com)
Here's an excerpt from my shibboleth2.xml file:
This line works for Server B:
<Host name="sso.mydomain.com">
<Path name="secure" authType="shibboleth" requireSession="true"/>
</Host>
This line does NOT work:
<Host name="client2.mydomain.com" applicationId="admin" authType="shibboleth" requireSession="true"/>
Am I doing it wrong? Is it even possible? If it's not possible, do I need to also set up a Shibboleth configuration in my staging and qa environments? That seems excessive.
See the Shibboleth docs: NativeSPOneMany - https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPOneMany
This directly addresses your question.
It's possible, but Server B has to act as a proxy for Server A, and no secured application traffic can flow directly from the client to Server A.
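
One way to arrange the proxying described in the answer above, as an added example that is not part of the original thread. It assumes Apache httpd 2.4 with mod_shib and mod_proxy_http on Server B, DNS for client2.mydomain.com pointing at Server B, and an ApplicationOverride with id "admin" in shibboleth2.xml; 10.0.0.5 (Server A) and 10.0.0.6 (Server B) are placeholder addresses.

```apache
# --- Server B: SP and reverse proxy for client2.mydomain.com ---
<VirtualHost *:80>
    ServerName client2.mydomain.com

    # Keep the SP handler endpoints on Server B; this exclusion must
    # come before the catch-all ProxyPass below.
    ProxyPass /Shibboleth.sso !
    <Location /Shibboleth.sso>
        SetHandler shib
    </Location>

    # The session is enforced here, before any request is forwarded.
    <Location />
        AuthType shibboleth
        ShibRequestSetting requireSession 1
        # Assumes <ApplicationOverride id="admin"> exists in shibboleth2.xml
        ShibRequestSetting applicationId admin
        # Export attributes as request headers so they survive the proxy hop;
        # mod_shib clears client-supplied copies of the headers it manages.
        ShibUseHeaders On
        Require shib-session
    </Location>

    # Preserve the Host header so Server A selects the client2 site.
    ProxyPreserveHost On
    ProxyPass        / http://10.0.0.5/
    ProxyPassReverse / http://10.0.0.5/
</VirtualHost>

# --- Server A: accept client2 traffic only from Server B ---
# Without this restriction a client can reach Server A directly,
# skip the SP, and supply its own identity headers.
<VirtualHost *:80>
    ServerName client2.mydomain.com
    <Location />
        Require ip 10.0.0.6
    </Location>
</VirtualHost>
```

The same source restriction can be enforced at the network layer by firewalling Server A so that only Server B can reach its web port.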
