Client address mismatch issue with multiple instances of Azure Application Gateway
Hi Shibboleth Team,
Shibboleth SSO is not working correctly hosted on Azure VM configured with two or more instances of Azure Application Gateway. It works absolutely fine with single instance of application gateway. But when we switch to two or more instance
of Application Gateway, we get following error and warning. Application should run with multiple instances of Application Gateway to meet the SLA requirement from Microsoft. Kindly note that each instance
of application gateway has its own IP addresses.
<Data>Shibboleth.ServiceProvider  iis_shib [default]: error during session lookup: Your IP address (xx.xx.xxx.x) does not match the address recorded at the time the session was
Application doesn’t work as expected due to this error of IP Address mismatch even after successful login into Shibboleth.Also, please find attached log for the detail. We have taken this log from our IIS Server where Shibboleth SP is installed.
Additionally, when we click on logout link, it throws error “<Data>Shibboleth.Application : LogoutInitiator handler at duplicate
Location (/Logout) will not be processed for application (default)</Data>”. Please see the error detail in attached log file.
We are looking for your assistance here to fix this authentication issue for Shibboleth SSO.
Thanks and Regards,
Aseem Keskar Group Manager – IT- WNS Global Services (P) Ltd |