Shibboleth - Service Provider protect resource on different server


I have two servers - Server A and Server B, each with their own public IP address.
Server A hosts my production web application:
http://client1.mydomain.com
http://client2.mydomain.com
http://client3.mydomain.com
Server B hosts my Shibboleth Service Provider instance:
http://sso.mydomain.com
I have successfully configured Shibboleth to protect a resource on Server B, but I'm wondering, is it possible to have it protect resources on Server A? (i.e. have the Shibboleth service step in front of any requests going to client2.mydomain.com)
Here's an excerpt from my shibboleth2.xml file:
This line works for Server B:
<Host name="sso.mydomain.com">
<Path name="secure" authType="shibboleth" requireSession="true"/>
</Host>
This line does NOT work:
<Host name="client2.mydomain.com" applicationId="admin" authType="shibboleth" requireSession="true"/>
Am I doing it wrong? Is it even possible? If it's not possible, do I need to also set up a Shibboleth configuration in my staging and qa environments? That seems excessive.

See the Shibboleth docs: NativeSPOneMany - https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPOneMany
This directly addresses your question.
It's possible, but Server B has to act as a proxy for Server A, and no secured application traffic can flow directly from the client to Server A.
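
One way to lay out the proxy arrangement this answer describes, as an added example that is not from the original post or the Shibboleth documentation. It assumes Apache with mod_shib and mod_proxy on Server B, Apache 2.4 on Server A, DNS for client2.mydomain.com repointed to Server B, and placeholder addresses (192.0.2.10 for Server A, 198.51.100.20 for Server B).

```apache
# --- Server B (runs the Shibboleth SP) ---------------------------------
# Assumption: client2.mydomain.com now resolves to Server B, not Server A.
<VirtualHost *:80>
    ServerName client2.mydomain.com

    # Keep the SP's own handler endpoints local; never forward them.
    ProxyPass /Shibboleth.sso !

    # Forward everything else to Server A and keep the original Host
    # header so Server A selects its client2 virtual host.
    ProxyPreserveHost On
    ProxyPass        / http://192.0.2.10/
    ProxyPassReverse / http://192.0.2.10/

    <Location />
        AuthType shibboleth
        ShibRequestSetting requireSession 1
        Require valid-user
        # Environment variables do not cross the proxy hop, so attributes
        # must travel to Server A as request headers.
        ShibUseHeaders On
    </Location>
</VirtualHost>

# --- Server A (hosts the application) ----------------------------------
# The application now trusts identity headers set by Server B, so a
# request that reaches Server A directly could supply those headers
# itself. Accept this virtual host only from the proxy.
<VirtualHost *:80>
    ServerName client2.mydomain.com

    <Location />
        # Placeholder: Server B's address as seen by Server A.
        Require ip 198.51.100.20
    </Location>
</VirtualHost>
```

A host firewall rule on Server A that limits the web port to Server B's address enforces the same restriction below the web server.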
