Wednesday, 28 August 2013

Shibboleth - Service Provider protect resource on different server

Shibboleth - Service Provider protect resource on different server

I have two servers - Server A and Server B, each with their own public IP
address.
Server A hosts my production web application:
http://client1.mydomain.com
http://client2.mydomain.com
http://client3.mydomain.com
Server B hosts my Shibboleth Service Provider instance:
http://sso.mydomain.com
I have successfully configured Shibboleth to protect a resource on Server
B, but I'm wondering, is it possible to have it protect resources on
Server A? (ie. have the Shibboleth service step in front of any requests
going to client2.mydomain.com)
Here's an excerpt from my shibboleth2.xml file:
This line works for Server B:
<Host name="sso.mydomain.com">
<Path name="secure" authType="shibboleth" requireSession="true"/>
</Host>
This line does NOT work
<Host name="client2.mydomain.com applicationId="admin"
authType="shibboleth" requireSession="true"/>
Am I doing it wrong? Is it even possible? If it's not possible, do I need
to also set up a Shibboleth configuration in my staging and qa
environments? That seems excessive.

No comments:

Post a Comment