Shibboleth + IIS and Pound Reverse Proxy

Posted by boburob on Server Fault
Published on 2012-11-08T09:25:34Z Indexed on 2013/06/29 16:23 UTC

Having a bit of a problem getting Shibboleth (SSO) working with ADFS and Pound.

The main problem seems to be that:

  • The website address will be https://website.domain.com
  • Pound will then terminate the SSL and forward the traffic to the webserver on a different port (http://server.domain.com:8888)

I have set up Shibboleth to protect the address http://server.domain.com:8888, which allows me to retrieve metadata and it all seems to be working fine. However, the problem seems to be that ADFS is configured to protect the https website, so when Shibboleth attempts to receive information from ADFS I get nothing except the following error:

A token request was received for a relying party identified by the key 
'https://msstagrevproxy.cwpintranet.com/shibboleth', but the request could not 
be fulfilled because the key does not identify any known relying party trust. 
Key: https://msstagrevproxy.cwpintranet.com/shibboleth 

I am not really sure how I can work around this, as to retrieve the metadata from Shibboleth I have to use the https address, but this does not actually exist in Shibboleth or IIS.

Has anyone had any experience with this before or using any other SSO with a reverse proxy that works?
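
A diagnostic for the mismatch described in the question, added here as an example and not part of the original post: it compares an SP's SAML metadata with the public URL served by the proxy and with the relying party identifiers the IdP knows. The metadata document, the identifier list and the helper names `origin` and `check_sp_metadata` are constructed for illustration, using the placeholder addresses from the post.

```python
# Added example: constructed metadata, not taken from the poster's systems.
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed SP metadata: the entityID uses the public https name, while the
# endpoint was generated from the backend address behind the proxy.
SAMPLE_METADATA = """\
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://website.domain.com/shibboleth">
  <md:SPSSODescriptor
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService index="1"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="http://server.domain.com:8888/Shibboleth.sso/SAML2/POST"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
"""

def origin(url):
    """Return (scheme, host, port) with default ports filled in."""
    u = urlsplit(url)
    port = u.port or {"http": 80, "https": 443}.get(u.scheme)
    return (u.scheme, u.hostname, port)

def check_sp_metadata(xml_text, public_base, idp_rp_identifiers):
    """List mismatches between SP metadata, the public URL and the IdP's RP list."""
    root = ET.fromstring(xml_text)
    findings = []
    entity_id = root.get("entityID")
    # The error in the post shows the IdP looks the relying party up by this key.
    if entity_id not in idp_rp_identifiers:
        findings.append(f"entityID {entity_id!r} is not a known relying party identifier")
    # Endpoints the browser is redirected to must use the proxy's public origin.
    for el in root.iter():
        loc = el.get("Location")
        if loc and origin(loc) != origin(public_base):
            tag = el.tag.split("}")[-1]
            findings.append(f"{tag} points at {loc}, not {public_base}")
    return findings

if __name__ == "__main__":
    # Constructed IdP state: only the backend identifier is registered.
    for finding in check_sp_metadata(SAMPLE_METADATA, "https://website.domain.com",
                                     ["http://server.domain.com:8888/shibboleth"]):
        print(finding)
```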
