
shibboleth-users - [Shib-Users] shibboleth-sp behind an HAproxy

Subject: Shibboleth Users


[Shib-Users] shibboleth-sp behind an HAproxy

  • From: daniel rahmeh <>
  • To: shibboleth-users <>
  • Subject: [Shib-Users] shibboleth-sp behind an HAproxy
  • Date: Tue, 25 Jan 2011 20:30:44 +0100


I have an Apache webserver running behind an HAproxy load-balancer.
The HAproxy is configured, with stunnel on it, to relay client requests
to the webserver on http(80), example:
------------http----------------> (ApacheWeberserver:80)
(in fact the stream between HAproxy and the webserver is not encrypted)

I installed an SP on my webserver and configured it to talk with my
idp (all in https). Then I got two problems:

1. The first one is after the user gets authenticated, the idp tries to
find an HTTP endpoint
( and not an HTTPS
endpoint. Thus returning an error saying: 'No peer endpoint available
to which to send SAML response'

2. To fix the problem I forced the SP to request the response on https
by setting the handlerssl option to true. Indeed, the idp sends the
SAML response this time to the https endpoint
(, but when the
request hits the SP i get a redirect loop.

I can understand the behavior but I want to know if there is a
workaround or something I can do to make it work.

Sorry for making it long and thank you
