OpenSAML user discussion

["Scott Cantor" <>]

> Redirects are translated by reverse proxies, at least in every reverse
> proxy setup I encountered so far. (But I'm still young :-)

In that situation your hack is the appropriate one. If we defined a separate
interface to supply that information, it would make extra work for everybody
else using the library.

> I'm not sure you can change the scheme and port number. A quick look
> at the Tomcat doc for the Host element does not show an attribute to
> configure scheme or port number.

Try the Connector element.

> That assumption does not hold in all environments (imho). As we want
> our application to run in as many environments (good and badly
> designed ones) without fighting our way through the network and system
> operations departements, we need to be able to configure parameters
> like SAML target from within the application. I believe this to be
> genuine use case.

I can't speak for Chad, but supporting badly designed environments and
coddling sysadmins is not only a non-goal, but an anti-goal. If I make life
hard for a lazy sysadmin, I count it a good day.

-- Scott