[jetty-users] Terminate SSL at load balancer, not working

Greetings,

 I’m installing Shib IdP v3.2.1 on Ubuntu 14.04 with Jetty v9.3.9.  This will be behind load balancers, F5 BIG-IP v11.5.3.  SSL will be terminated at the load balancer, i.e.:
Client —(https:443)—> F5 —(http:8080)—> IdP

I’m getting this error:

2016-06-22 08:31:53,704 - ERROR [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:200] - Message Handler:  SAML message intended destination endpoint 'https://myidp.mydomain.ca/idp/profile/SAML2/Redirect/SSO' did not match the recipient endpoint 'http://myidp.mydomain.ca/idp/profile/SAML2/Redirect/SSO'


I’ve added the required configuration to offload TLS and the load balancer is inserting X-Forwarded-For (<clientIP>) and X-Forwarded-Proto (https), but I’m still getting the error.  I’m new to Jetty.  Can someone point me in the right direction?


This is my shibboleth-identity-provider-3.2.1/embedded/jetty-base/etc/jetty.xml:

    <New id="httpConfig" class="org.eclipse.jetty.server.HttpConfiguration">
      <Set name="secureScheme">https</Set>
      <Set name="securePort"><Property name="jetty.secure.port" default="443" /></Set>
      <Set name="outputBufferSize"><Property name="jetty.output.buffer.size" default="32768" /></Set>
      <Set name="requestHeaderSize"><Property name="jetty.request.header.size" default="8192" /></Set>
      <Set name="responseHeaderSize"><Property name="jetty.response.header.size" default="8192" /></Set>
      <Set name="sendServerVersion"><Property name="jetty.send.server.version" default="true" /></Set>
      <Set name="sendDateHeader"><Property name="jetty.send.date.header" default="false" /></Set>
      <Set name="headerCacheSize">512</Set>
      <Call name="addCustomizer">
        <Arg><New class="org.eclipse.jetty.server.ForwardedRequestCustomizer"/></Arg>
      </Call>
    </New>

    <Call name="addConnector">
      <Arg>
        <New class="org.eclipse.jetty.server.ServerConnector">
          <Arg name="server"><Ref refid="Server" /></Arg>
          <Arg name="factories">
            <Array type="org.eclipse.jetty.server.ConnectionFactory">
              <Item>
                <New class="org.eclipse.jetty.server.ProxyConnectionFactory"/>
              </Item>
              <Item>
                <New class="org.eclipse.jetty.server.HttpConnectionFactory">
                  <Arg name="config"><Ref refid="httpConfig" /></Arg>
                </New>
              </Item>
            </Array>
          </Arg>
          <Set name="host"><Property name="jetty.nonhttps.host" default="localhost" /></Set>
          <Set name="port"><Property name="jetty.nonhttps.port" default="8080" /></Set>
          <Set name="idleTimeout"><Property name="http.timeout" default="30000" /></Set>
          <Set name="soLingerTime"><Property name="http.soLingerTime" default="-1"/></Set>
        </New>
      </Arg>
    </Call>


Regards,
Ryan
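The following is an added diagnostic example, not code from the original post or from the Jetty or Shibboleth projects. It stands up a minimal Jetty 9.3 server with the same ForwardedRequestCustomizer the jetty.xml above registers and echoes what the servlet layer sees (scheme, isSecure, reconstructed URL, remote address) so you can verify from behind the F5 whether X-Forwarded-Proto is actually being honoured before the IdP compares the SAML destination against it. It uses a plain HttpConnectionFactory on port 8080; the ProxyConnectionFactory in the original config expects HAProxy's PROXY protocol preamble on every connection, which is a separate feature from X-Forwarded-* headers and only applies if the load balancer is configured to send it.

```java
import org.eclipse.jetty.server.ForwardedRequestCustomizer;
import org.eclipse.jetty.server.HttpConfiguration;
import org.eclipse.jetty.server.HttpConnectionFactory;
import org.eclipse.jetty.server.Request;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.server.ServerConnector;
import org.eclipse.jetty.server.handler.AbstractHandler;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.io.PrintWriter;

// Added diagnostic server (assumed class name); run it on the IdP host, then send a
// request through the F5 and compare the echoed scheme/URL with the SAML error message.
public class ForwardedProtoCheck {
    public static void main(String[] args) throws Exception {
        Server server = new Server();

        HttpConfiguration httpConfig = new HttpConfiguration();
        httpConfig.setSecureScheme("https");
        httpConfig.setSecurePort(443);
        // Same customizer as jetty.xml: rewrites scheme/host/port from X-Forwarded-* headers.
        httpConfig.addCustomizer(new ForwardedRequestCustomizer());

        // Plain HTTP connector, no PROXY-protocol factory in front of it.
        ServerConnector http = new ServerConnector(server, new HttpConnectionFactory(httpConfig));
        http.setHost("localhost");
        http.setPort(8080);
        server.addConnector(http);

        server.setHandler(new AbstractHandler() {
            @Override
            public void handle(String target, Request baseRequest,
                               HttpServletRequest request, HttpServletResponse response)
                    throws IOException {
                response.setContentType("text/plain");
                PrintWriter out = response.getWriter();
                // What the load balancer sent (null if the header never arrived).
                out.printf("X-Forwarded-Proto: %s%n", request.getHeader("X-Forwarded-Proto"));
                out.printf("X-Forwarded-For:   %s%n", request.getHeader("X-Forwarded-For"));
                // What the customizer made of it; this is what the IdP's endpoint check uses.
                out.printf("scheme=%s secure=%s%n", request.getScheme(), request.isSecure());
                out.printf("requestURL=%s%n", request.getRequestURL());
                out.printf("remoteAddr=%s%n", request.getRemoteAddr());
                baseRequest.setHandled(true);
            }
        });

        server.start();
        server.join();
    }
}
```

If requestURL still starts with http:// when the header is present, the customizer is not in the HttpConfiguration actually bound to the connector; if X-Forwarded-Proto echoes as null, the header is being dropped before it reaches Jetty.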
