Skip to Content.
Sympa Menu

shibboleth-dev - two-box origin

Subject: Shibboleth Developers

List archive

two-box origin


Chronological Thread 
  • From: "RL 'Bob' Morgan" <>
  • To: Shibboleth Design Team <>
  • Subject: two-box origin
  • Date: Tue, 24 Jun 2003 23:53:03 -0700 (PDT)


I have the UW origin now running with the HS on one box
(shib.cac.washington.edu) and the AA on another box
(abajo.cac.washington.edu), and it seems to work OK. This is using the
CryptoHandleRepository, obviously.

Only odd thing is that when I put the directives in httpd.conf to cause
shibboleth/AA to do client cert request/verification, mod_ssl appears to
segfault (despite the fact that this works fine on shib.cac). Oh well.

I wouldn't say this is the easiest thing in the world to configure, but
it's do-able. I spose at some point we might start to think that having
the HS and AA on separate boxes would be the normal setup, and we might
offer distinct origin.properties files for each.

- RL "Bob"


------------------------------------------------------mace-shib-design-+
For list utilities, archives, subscribe, unsubscribe, etc. please visit the
ListProc web interface at

http://archives.internet2.edu/

------------------------------------------------------mace-shib-design--



  • two-box origin, RL 'Bob' Morgan, 06/25/2003

Archive powered by MHonArc 2.6.16.

Top of Page