Shibboleth 3 SP separated from Tomcat Java web application on 2 different machines?

I have a Java web application running on Tomcat8 on machine A (https://machineA:8080/app)

and a machine B installed with Apache2 and Shibboleth 3 SP (https://machineB/Shibboleth.sso/)

which is configured to use https://samltest.id/ as Shibboleth IdP.

What I want to achieve is:

  • When I access https://machineA:8080/app

    -> It invokes Java code: httpServletResponse.sendRedirect("https://machineB/Shibboleth.sso/Login")

    -> It redirects to Shibboleth IdP on https://samltest.id

    -> However, after I logged in with the test user here, it stopped on https://machineB and did not redirect to https://machineA:8080/app.

    I wanted to have the subject-id attribute returned from https://samltest.id in my web application.

  • There is another approach, in which Apache2 on machine B works as a proxy protecting machine A

    with Tomcat8, as mentioned here (Apache2 redirects to Tomcat8 via AJP 1.3): https://shibboleth.atlassian.net/wiki/spaces/SHIB2/pages/2577072431/NativeSPJavaInstall.

    But it is not what I wanted.



Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow
