Shibboleth - Service Provider protect resource on different server
I have two servers - Server A and Server B, each with their own public IP address.

Server A hosts my production web application:

    http://client1.mydomain.com
    http://client2.mydomain.com
    http://client3.mydomain.com

Server B hosts my Shibboleth Service Provider instance:

    http://sso.mydomain.com

I have successfully configured Shibboleth to protect a resource on Server B, but I'm wondering, is it possible to have it protect resources on Server A? (i.e. have the Shibboleth service step in front of any requests going to client2.mydomain.com)

Here's an excerpt from my shibboleth2.xml file.

This line works for Server B:

    <Host name="sso.mydomain.com">
        <Path name="secure" authType="shibboleth" requireSession="true"/>
    </Host>

This line does NOT work:

    <Host name="client2.mydomain.com applicationId="admin" authType="shibboleth" requireSession="true"/>

Am I doing it wrong? Is it even possible?

If it's not possible, do I need to also set up a Shibboleth configuration in my staging and qa environments? That seems excessive.
See the Shibboleth docs: NativeSPOneMany - https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPOneMany

This directly addresses your question. It's possible, but Server B has to act as a proxy for Server A, and no secured application traffic can flow directly from the client to Server A.
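
One way to set up the arrangement the answer describes, as an added example that is not part of the original answer or the Shibboleth documentation. It assumes both servers run Apache 2.4, Server B has mod_shib, mod_proxy and mod_ssl loaded, and DNS for client2.mydomain.com points at Server B; the addresses 192.0.2.10 (Server A) and 192.0.2.20 (Server B), the backend port and the certificate paths are placeholders.

```apache
# --- Server B (runs shibd + mod_shib): front door for client2 ---
<VirtualHost *:443>
    # Must match the public hostname so the SP builds correct handler URLs.
    ServerName client2.mydomain.com
    UseCanonicalName On

    SSLEngine on
    SSLCertificateFile    /path/to/PLACEHOLDER-cert.pem
    SSLCertificateKeyFile /path/to/PLACEHOLDER-key.pem

    # Every request needs a Shibboleth session before it is proxied.
    <Location />
        AuthType shibboleth
        ShibRequestSetting requireSession 1
        Require shib-session
        # Attributes must travel as request headers to cross the proxy hop;
        # environment variables stay on Server B.
        ShibUseHeaders On
    </Location>

    # Keep the SP handler local, then forward everything else to Server A.
    ProxyPreserveHost On
    ProxyPass        /Shibboleth.sso !
    ProxyPass        / http://192.0.2.10:8080/
    ProxyPassReverse / http://192.0.2.10:8080/
</VirtualHost>

# --- Server A (application): accept traffic from Server B only ---
<VirtualHost *:8080>
    ServerName client2.mydomain.com

    <Location />
        # Reject any client that did not come through the proxy.
        Require ip 192.0.2.20
    </Location>
</VirtualHost>
```

Because the application on Server A trusts the attribute headers it receives, the `Require ip` rule (or an equivalent firewall rule) is what keeps a client from reaching it directly and supplying those headers itself.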