Shib 2.3.1 and Apache 2.0.52 Firewall non-standard Port Issue

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

Shib 2.3.1 and Apache 2.0.52 Firewall non-standard Port Issue

Dave J
This post was updated on .
Here's my issue:

ERROR OpenSAML.MessageDecoder.SAML2POST [2]: POST targeted at (https://sp.test.com/Shibboleth.sso/SAML2/POST), but delivered to (https://sp.test.com:9911/Shibboleth.sso/SAML2/POST)

This error is being written out by openSAML SAML2PostDecoder when it does a string comparison of the destination: https://sp.test.com/Shibboleth.sso/SAML2/POST to the requestURL: https://sp.test.com:9911/Shibboleth.sso/SAML2/POST

Shibboleth processes the requests just fine until it gets to the PostDecoder where I get this error.  Messages are being delivered, SAMLResponses parsed, all is well until this simple string compare, which fails of course.

The port number is assigned by our firewall, which Apache gleefully passes along to Shibboleth.  Shibboleth accepts this as well and keeps on going up to this point. Our firewall also does SSL offloading, but the ShibURLScheme tag handles that quite elegantly.

Does Shibboleth have a mechanism to handle ports similarly to how it handles the scheme?  I've been reading the docs intently, looking for a solution, especially any reference to ports, but I didn't see any that might solve this, of course I might've missed it.

I have seen some posts on Virtual Hosting regarding Apache 2.2, mentioning Virtual Hosts and some solutions, but my co. is standardized on Apache 2.0.

Any recommendations would be welcome.

Thanks.