I have experience with this. The main concern is that shibboleth needs to
retain shared session data between all the service provider instances. I
accomplished this with a postgres database. If you'd like more information you
can contact me off line from the haproxy list since it's not really related.
Sent from Nine<http://www.9folders.com/>
From: Aleksandar Lazic
Sent: Saturday, October 13, 2018 5:23 AM
To: Imam Toufique; haproxy
Subject: Re: HAProxy / shibboleth ( SP ) authentication question
Hi.
Am 13.10.2018 um 10:26 schrieb Imam Toufique:
> Hello,
>
> I have been searching for an answer whether HAProxy can forward authentication
> request from shibboleth SP.
With SP you mean Service Provider, right?
https://wiki.shibboleth.net/confluence/display/SP3
> Here is my proposed setup for delivering some web contents.
>
> A. load balancer is HAPorxy
> B. 3 web servers behind HA proxy
>
> -- > clients go to the proxy address: https://example.com
>
> --> shibboleth SP is installed on the LB node ( where HA proxy is running )
> --> HAPorxy will call in shibboleth for authentication
>
> --> 'valid-user' will be passed through HAProxy to the web server
>
> --> user will be granted access to the site.
>
> I am not sure if HAProxy has anything more then basic authentication support.
> At least I could not find anything.
>
> any feedback on this will be appreciated, very much.
I think the https://github.com/TimWolla/haproxy-auth-request could help here the
"Doc" is here https://bl.duesterhus.eu/20180119/ .
> thanks
Regards
Aleks
Information in this e-mail may be confidential. It is intended only for the
addressee(s) identified above. If you are not the addressee(s), or an employee
or agent of the addressee(s), please note that any dissemination, distribution,
or copying of this communication is strictly prohibited. If you have received
this e-mail in error, please notify the sender of the error.