I have experience with this. The main concern is that shibboleth needs to retain shared session data between all the service provider instances. I accomplished this with a postgres database. If you'd like more information you can contact me off line from the haproxy list since it's not really related.
Sent from Nine<http://www.9folders.com/> ________________________________ From: Aleksandar Lazic <al-hapr...@none.at> Sent: Saturday, October 13, 2018 5:23 AM To: Imam Toufique; haproxy Subject: Re: HAProxy / shibboleth ( SP ) authentication question Hi. Am 13.10.2018 um 10:26 schrieb Imam Toufique: > Hello, > > I have been searching for an answer whether HAProxy can forward authentication > request from shibboleth SP. With SP you mean Service Provider, right? https://wiki.shibboleth.net/confluence/display/SP3 > Here is my proposed setup for delivering some web contents. > > A. load balancer is HAPorxy > B. 3 web servers behind HA proxy > > -- > clients go to the proxy address: https://example.com > > --> shibboleth SP is installed on the LB node ( where HA proxy is running ) > --> HAPorxy will call in shibboleth for authentication > > --> 'valid-user' will be passed through HAProxy to the web server > > --> user will be granted access to the site. > > I am not sure if HAProxy has anything more then basic authentication support. > At least I could not find anything. > > any feedback on this will be appreciated, very much. I think the https://github.com/TimWolla/haproxy-auth-request could help here the "Doc" is here https://bl.duesterhus.eu/20180119/ . > thanks Regards Aleks ________________________________ Information in this e-mail may be confidential. It is intended only for the addressee(s) identified above. If you are not the addressee(s), or an employee or agent of the addressee(s), please note that any dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this e-mail in error, please notify the sender of the error.
