Shibboleth + IIS and Pound Reverse Proxy
Posted by boburob on Server Fault
Published on 2012-11-08T09:25:34Z
Having a bit of a problem getting Shibboleth (SSO) working with ADFS and Pound.
The main problem seems to be that:
- The website address will be https://website.domain.com
- Pound will then terminate the SSL and forward the traffic to the webserver on a different port (http://server.domain.com:8888)
I have set up Shibboleth to protect the address http://server.domain.com:8888, which allows me to retrieve metadata and it all seems to be working fine. However, the problem seems to be that ADFS is configured to protect the https website, so when Shibboleth attempts to receive information from ADFS I get nothing except the following error:
A token request was received for a relying party identified by the key
'https://msstagrevproxy.cwpintranet.com/shibboleth', but the request could not
be fulfilled because the key does not identify any known relying party trust.
Key: https://msstagrevproxy.cwpintranet.com/shibboleth
I am not really sure how I can work around this, as to retrieve the metadata from Shibboleth I have to use the https address, but this does not actually exist in Shibboleth or IIS.
Has anyone had any experience with this before or using any other SSO with a reverse proxy that works?