shibboleth-dev - Re: Shibboleth and ipv6
Subject: Shibboleth Developers
List archive
- From: Ian Young <>
- To:
- Subject: Re: Shibboleth and ipv6
- Date: Thu, 20 Oct 2005 20:15:14 +0100
RL 'Bob' Morgan wrote:
We have a campus-wide "internal network" service, for machines that don't want to be on the big bad Internet, and a campus-wide NAT that serves them all. So for one of these machines our IdP sees the internal address, but an off-campus SP sees the NAT address. So we pretty much have to ask all our SPs to turn off address checking. I think this kind of setup is unfortunately becoming pretty common.
Just as a reminder, I have some code for the IdP that handles this particular case (IdP and some set of SPs behind a NAT) by rewriting the client's IP before sending it to an SP that is outside the NAT.
There was a bit of a deafening silence around this last time round, but if people are interested, I could try reintegrating that with CVS HEAD again.
-- Ian
P.S. No, my code doesn't handle IPv6...
- Shibboleth and ipv6, Lukas Haemmerle, 10/14/2005
- RE: Shibboleth and ipv6, Scott Cantor, 10/14/2005
- Re: Shibboleth and ipv6, Lukas Haemmerle, 10/18/2005
- Re: Shibboleth and ipv6, Spencer W. Thomas, 10/18/2005
- Re: Shibboleth and ipv6, Lukas Haemmerle, 10/18/2005
- RE: Shibboleth and ipv6, Scott Cantor, 10/18/2005
- RE: Shibboleth and ipv6, RL 'Bob' Morgan, 10/19/2005
- RE: Shibboleth and ipv6, Scott Cantor, 10/19/2005
- RE: Shibboleth and ipv6, Scott Cantor, 10/19/2005
- RE: Shibboleth and ipv6, RL 'Bob' Morgan, 10/19/2005
- RE: Shibboleth and ipv6, Scott Cantor, 10/19/2005
- Re: Shibboleth and ipv6, Ian Young, 10/20/2005
- Re: Shibboleth and ipv6, RL 'Bob' Morgan, 10/20/2005
- RE: Shibboleth and ipv6, Scott Cantor, 10/19/2005
- RE: Shibboleth and ipv6, RL 'Bob' Morgan, 10/19/2005
- Re: Shibboleth and ipv6, Spencer W. Thomas, 10/18/2005
- Re: Shibboleth and ipv6, Lukas Haemmerle, 10/18/2005
- RE: Shibboleth and ipv6, Scott Cantor, 10/14/2005
Archive powered by MHonArc 2.6.16.