We are not Shibboleth support. Have you tried contacting their support
channels, or using the shibboleth tag on stackoverflow.com
<http://stackoverflow.com/questions/tagged/shibboleth> or serverfault.com
<http://serverfault.com/questions/tagged/shibboleth>?

The fact that the directory says "embedded/jetty-base/" means that it's
likely NOT using the jetty-distribution, and the configuration you are
doing isn't being applied like you think it is.  You'll need to understand,
intimately, how Shibboleth configures itself, then you can configure it
according to its techniques.


Joakim Erdfelt / [email protected]

On Thu, Jun 23, 2016 at 1:08 PM, Ryan Suarez <[email protected]> wrote:

> Greetings,
>
>  I’m installing shib IdP v3.2.1 on ubuntu14.04 with jetty v9.3.9.  This
> will be behind load balancers, F5 bigip v11.5.3.  SSL will be terminated at
> the load balancer, ie:
> Client —(https:443)—> F5 —(http:8080)—> IdP
>
> I’m getting this error:
>
> 2016-06-22 08:31:53,704 - ERROR
> [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:200]
> - Message Handler:  SAML message intended destination endpoint '
> https://myidp.mydomain.ca/idp/profile/SAML2/Redirect/SSO' did not match
> the recipient endpoint '
> http://myidp.mydomain.ca/idp/profile/SAML2/Redirect/SSO'
>
>
> I’ve added the required configuration to offload TLS and the load balancer
> is inserting X-Forwarded-For (<clientIP>) and X-Forwarded-Proto (https),
> but I’m still getting the error.  I’m new to jetty.  Can someone point me
> in the right direction?
>
>
> This is my
> shibboleth-identity-provider-3.2.1/embedded/jetty-base/etc/jetty.xml:
>
>     <New id="httpConfig" class="org.eclipse.jetty.server.HttpConfiguration">
>       <Set name="secureScheme">https</Set>
>       <Set name="securePort"><Property name="jetty.secure.port" default="443" /></Set>
>       <Set name="outputBufferSize"><Property name="jetty.output.buffer.size" default="32768" /></Set>
>       <Set name="requestHeaderSize"><Property name="jetty.request.header.size" default="8192" /></Set>
>       <Set name="responseHeaderSize"><Property name="jetty.response.header.size" default="8192" /></Set>
>       <Set name="sendServerVersion"><Property name="jetty.send.server.version" default="true" /></Set>
>       <Set name="sendDateHeader"><Property name="jetty.send.date.header" default="false" /></Set>
>       <Set name="headerCacheSize">512</Set>
>       <Call name="addCustomizer">
>         <Arg><New class="org.eclipse.jetty.server.ForwardedRequestCustomizer"/></Arg>
>       </Call>
>     </New>
>
>     <Call name="addConnector">
>       <Arg>
>         <New class="org.eclipse.jetty.server.ServerConnector">
>           <Arg name="server"><Ref refid="Server" /></Arg>
>           <Arg name="factories">
>             <Array type="org.eclipse.jetty.server.ConnectionFactory">
>               <Item>
>                 <New class="org.eclipse.jetty.server.ProxyConnectionFactory"/>
>               </Item>
>               <Item>
>                 <New class="org.eclipse.jetty.server.HttpConnectionFactory">
>                   <Arg name="config"><Ref refid="httpConfig" /></Arg>
>                 </New>
>               </Item>
>             </Array>
>           </Arg>
>           <Set name="host"><Property name="jetty.nonhttps.host" default="localhost" /></Set>
>           <Set name="port"><Property name="jetty.nonhttps.port" default="8080" /></Set>
>           <Set name="idleTimeout"><Property name="http.timeout" default="30000" /></Set>
>           <Set name="soLingerTime"><Property name="http.soLingerTime" default="-1"/></Set>
>         </New>
>       </Arg>
>     </Call>
>
> Regards,
> Ryan
>
> _______________________________________________
> jetty-users mailing list
> [email protected]
> To change your delivery options, retrieve your password, or unsubscribe
> from this list, visit
> https://dev.eclipse.org/mailman/listinfo/jetty-users
>
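
The mismatch in the quoted log line, modelled as an added example (this is not Jetty, OpenSAML or Shibboleth code): a backend behind a TLS offloader sees plain HTTP, so the rebuilt recipient URL only matches the SAML Destination when X-Forwarded-Proto is actually honoured. The proxy subnet, peer addresses and the trusted-peer check are assumptions of this example; the URLs come from the log line.

```python
from ipaddress import ip_address, ip_network
from urllib.parse import urlsplit

# Constructed value: the subnet the load balancer connects from (assumption).
TRUSTED_PROXIES = [ip_network("10.0.0.0/24")]
DEFAULT_PORTS = {"http": 80, "https": 443}


def effective_url(peer_ip, host_header, path, headers):
    """Rebuild the URL the client used, as seen by a backend behind a TLS offloader."""
    scheme = "http"  # the backend connector itself is plain HTTP
    from_proxy = any(ip_address(peer_ip) in net for net in TRUSTED_PROXIES)
    proto = headers.get("X-Forwarded-Proto", "").strip().lower()
    # Honour the header only when the TCP peer is the load balancer;
    # otherwise any client could claim its request arrived over TLS.
    if from_proxy and proto in DEFAULT_PORTS:
        scheme = proto
    return f"{scheme}://{host_header}{path}"


def normalize(url):
    """Lower-case scheme and host, drop the default port, keep the path."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    port = parts.port or DEFAULT_PORTS.get(scheme)
    host = (parts.hostname or "").lower()
    netloc = host if port == DEFAULT_PORTS.get(scheme) else f"{host}:{port}"
    return f"{scheme}://{netloc}{parts.path}"


def destination_matches(destination, recipient):
    """Model of the comparison behind the logged error message."""
    return normalize(destination) == normalize(recipient)


# Values taken from the log line quoted in the thread.
DESTINATION = "https://myidp.mydomain.ca/idp/profile/SAML2/Redirect/SSO"
HOST, PATH = "myidp.mydomain.ca", "/idp/profile/SAML2/Redirect/SSO"
FWD = {"X-Forwarded-Proto": "https"}

if __name__ == "__main__":
    cases = {
        "header ignored (customizer not applied)": effective_url("10.0.0.5", HOST, PATH, {}),
        "header honoured from load balancer": effective_url("10.0.0.5", HOST, PATH, FWD),
        "header sent by untrusted peer": effective_url("203.0.113.9", HOST, PATH, FWD),
    }
    for label, url in cases.items():
        print(f"{label}: {url} match={destination_matches(DESTINATION, url)}")
```

The first case reproduces the logged error: without the forwarded scheme being applied, the recipient is rebuilt as http:// and the comparison fails.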