>
> The resource (the one being proxied to) should not put it's own
> hostname anywhere (e.g. an AuthnRequest or a cookie).
> In fact the recipe cited explicitly mentions to set the ServerName
> (and scheme and port) of the resource's webserver to the one publicly
> visible (i.e., the proxy's).
Yes of course, you're right, servername and everything in shibboleth2.xml is set to proxyfrontend so it will get setup correctly at source, I was forgetting where this gets set.
However you aren't actually answering the question? The cookie will be created with an inaccessible target. You could cheat and put extra proxypass/proxypassreverse statements in the front end proxy httpd.conf but that does not solve the general case. i.e.
ProxyPass /foo/ http://sptarget.dundee.ac.uk/bar/
ProxyPassReverse /foo/ http://sptarget.dundee.ac.uk/bar/
#and then add these to make it work - yuk.
ProxyPass /bar/ http://sptarget.dundee.ac.uk/bar/
ProxyPassReverse /bar/ http://sptarget.dundee.ac.uk/bar/
Andy
************************************************************
Please consider the environment. Do you really need to print this email?
The University of Dundee is a registered Scottish charity, No: SC015096
|