Greetings,

I’m installing shib IdP v3.2.1 on Ubuntu 14.04 with jetty v9.3.9. This will be behind load balancers, F5 bigip v11.5.3. SSL will be terminated at the load balancer, i.e.:

Client —(https:443)—> F5 —(http:8080)—> IdP

I’m getting this error:

2016-06-22 08:31:53,704 - ERROR [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:200] - Message Handler: SAML message intended destination endpoint 'https://myidp.mydomain.ca/idp/profile/SAML2/Redirect/SSO' did not match the recipient endpoint 'http://myidp.mydomain.ca/idp/profile/SAML2/Redirect/SSO'

I’ve added the required configuration to offload TLS and the load balancer is inserting X-Forwarded-For (<clientIP>) and X-Forwarded-Proto (https), but I’m still getting the error. I’m new to jetty. Can someone point me in the right direction?

This is my shibboleth-identity-provider-3.2.1/embedded/jetty-base/etc/jetty.xml:

<New id="httpConfig" class="org.eclipse.jetty.server.HttpConfiguration">
  <Set name="secureScheme">https</Set>
  <Set name="securePort"><Property name="jetty.secure.port" default="443" /></Set>
  <Set name="outputBufferSize"><Property name="jetty.output.buffer.size" default="32768" /></Set>
  <Set name="requestHeaderSize"><Property name="jetty.request.header.size" default="8192" /></Set>
  <Set name="responseHeaderSize"><Property name="jetty.response.header.size" default="8192" /></Set>
  <Set name="sendServerVersion"><Property name="jetty.send.server.version" default="true" /></Set>
  <Set name="sendDateHeader"><Property name="jetty.send.date.header" default="false" /></Set>
  <Set name="headerCacheSize">512</Set>
  <Call name="addCustomizer">
    <Arg><New class="org.eclipse.jetty.server.ForwardedRequestCustomizer"/></Arg>
  </Call>
</New>

<Call name="addConnector">
  <Arg>
    <New class="org.eclipse.jetty.server.ServerConnector">
      <Arg name="server"><Ref refid="Server" /></Arg>
      <Arg name="factories">
        <Array type="org.eclipse.jetty.server.ConnectionFactory">
          <Item>
            <New class="org.eclipse.jetty.server.ProxyConnectionFactory"/>
          </Item>
          <Item>
            <New class="org.eclipse.jetty.server.HttpConnectionFactory">
              <Arg name="config"><Ref refid="httpConfig" /></Arg>
            </New>
          </Item>
        </Array>
      </Arg>
      <Set name="host"><Property name="jetty.nonhttps.host" default="localhost" /></Set>
      <Set name="port"><Property name="jetty.nonhttps.port" default="8080" /></Set>
      <Set name="idleTimeout"><Property name="http.timeout" default="30000" /></Set>
      <Set name="soLingerTime"><Property name="http.soLingerTime" default="-1"/></Set>
    </New>
  </Arg>
</Call>

Regards,
Ryan
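
The log line in the message above reports a mismatch between the Destination carried in the SAML message and the URL reconstructed for the request as the backend saw it. The following Python model is an added example (not part of the original post, and not Jetty or OpenSAML code) showing that comparison with and without X-Forwarded-Proto applied, and only honouring the header from the load balancer; the address 10.0.0.5, the request dictionary and all function names are constructed for illustration.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}
PATH = "/idp/profile/SAML2/Redirect/SSO"
DESTINATION = "https://myidp.mydomain.ca" + PATH  # Destination quoted in the log line

LB_ADDR = "10.0.0.5"  # constructed address standing in for the F5 self IP
# Constructed request as the backend sees it after TLS is terminated on the F5.
REQUEST = {
    "peer": LB_ADDR,
    "scheme": "http",
    "path": PATH,
    "headers": {"Host": "myidp.mydomain.ca", "X-Forwarded-Proto": "https"},
}


def received_url(req, trusted_proxies, honor_forwarded=True):
    """Model of the URL the container reports for a request (hypothetical helper)."""
    scheme = req["scheme"]
    # Forwarded headers are client-controllable unless the peer is the proxy itself.
    if honor_forwarded and req["peer"] in trusted_proxies:
        scheme = req["headers"].get("X-Forwarded-Proto", scheme).lower()
    return f"{scheme}://{req['headers']['Host']}{req['path']}"


def canonical(url):
    """Normalise case and default ports so :443 and no port compare equal."""
    p = urlsplit(url)
    scheme = p.scheme.lower()
    port = p.port or DEFAULT_PORTS.get(scheme)
    return (scheme, (p.hostname or "").lower(), port, p.path)


def destination_matches(destination, received):
    return canonical(destination) == canonical(received)


def diagnose(req, trusted_proxies, honor_forwarded):
    url = received_url(req, trusted_proxies, honor_forwarded)
    return url, destination_matches(DESTINATION, url)


if __name__ == "__main__":
    direct = dict(REQUEST, peer="203.0.113.7")  # constructed non-proxy peer
    print("header ignored     :", diagnose(REQUEST, {LB_ADDR}, False))
    print("header from F5     :", diagnose(REQUEST, {LB_ADDR}, True))
    print("header from client :", diagnose(direct, {LB_ADDR}, True))
```
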
