Thanks for the reply. Not sure what the LB team’s reasoning is, but they seem very reluctant to allow https redirect. It helps my case to let them know that’s how it’s working elsewhere.
John F. Grunder Acuity, Inc. CA/CST Remedy Team Office of Consular Systems and Technology | Quality Management Branch U.S. Department of State | Bureau of Consular Affairs [email protected]<mailto:[email protected]> | [email protected]<mailto:[email protected]> cell | 703-887-7167 From: Action Request System discussion list(ARSList) [mailto:[email protected]] On Behalf Of Jayesh Sent: Tuesday, April 21, 2015 2:39 PM To: [email protected] Subject: Re: Atrium SSO with load balancer ** Is there a specific reason for redirecting it to http traffic and not going with https? With https its working smooth for me. We have both the sso nodes running on https. But the F5 LB SAN signed certificate handles all the encryption. This email is UNCLASSIFIED. ________________________________ From: Grunder, John F<http://redirect.state.sbu/?url=mailto:[email protected]> Sent: 21-04-2015 11:11 PM To: [email protected]<http://redirect.state.sbu/?url=mailto:[email protected]> Subject: Atrium SSO with load balancer ** We are attempting to configure Atrium SSO (9.0, latest patch) with ARS 8.1 in a complete HA environment. We already have the load balancers configured for MidTier and ARS, but are having issues with the configuration for Atrium SSO. We are using F5 load balancers and the team responsible for the load balancers here wishes to have the F5 handle all SSL traffic, and redirect in http only to the SSO nodes. However, we cannot get SSO to work with only http…attempts to reconfigure Tomcat to serve the page have resulted in failures (and forced a reinstall of the Atrium SSO product). The F5 team rightly point out that this would mean that first the F5 encrypts, then the server encrypts again, which is inefficient. Does anyone have SSO setup in a similar config, and if so, can you provide any information as to how to handle the redirect, and/or how to configure Atrium SSO to successfully handle non-https traffic? Thanks in advance for any thoughts. John F. Grunder This email is UNCLASSIFIED. _ARSlist: "Where the Answers Are" and have been for 20 years_ _ARSlist: "Where the Answers Are" and have been for 20 years_ _______________________________________________________________________________ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org "Where the Answers Are, and have been for 20 years"
