I’m installing Shib IdP v3.2.1 on Ubuntu 14.04 with Jetty v9.3.9. This will be behind load balancers, F5 BIG-IP v11.5.3. SSL will be terminated at the load balancer, i.e.:
2016-06-22 08:31:53,704 - ERROR [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:200] - Message Handler: SAML message intended destination endpoint 'https://myidp.mydomain.ca/idp/profile/SAML2/Redirect/SSO' did not match the recipient endpoint 'http://myidp.mydomain.ca/idp/profile/SAML2/Redirect/SSO'
I’ve added the required configuration to offload TLS and the load balancer is inserting X-Forwarded-For (<clientIP>) and X-Forwarded-Proto (https), but I’m still getting the error.
I’m new to Jetty. Can someone point me in the right direction?
This is my shibboleth-identity-provider-3.2.1/embedded/jetty-base/etc/jetty.xml:
<!-- Shared HTTP configuration; the ForwardedRequestCustomizer below is what
     makes Jetty rebuild scheme/host from X-Forwarded-* headers -->
<New id="httpConfig" class="org.eclipse.jetty.server.HttpConfiguration">
  <Set name="secureScheme">https</Set>
  <Set name="securePort"><Property name="jetty.secure.port" default="443" /></Set>
  <Set name="outputBufferSize"><Property name="jetty.output.buffer.size" default="32768" /></Set>
  <Set name="requestHeaderSize"><Property name="jetty.request.header.size" default="8192" /></Set>
  <Set name="responseHeaderSize"><Property name="jetty.response.header.size" default="8192" /></Set>
  <Set name="sendServerVersion"><Property name="jetty.send.server.version" default="true" /></Set>
  <Set name="sendDateHeader"><Property name="jetty.send.date.header" default="false" /></Set>
  <Set name="headerCacheSize">512</Set>
  <!-- Honour X-Forwarded-Proto / X-Forwarded-For / X-Forwarded-Host from the proxy -->
  <Call name="addCustomizer">
    <Arg><New class="org.eclipse.jetty.server.ForwardedRequestCustomizer"/></Arg>
  </Call>
</New>

<!-- Plain-HTTP connector that the load balancer talks to after terminating TLS -->
<Call name="addConnector">
  <Arg>
    <New class="org.eclipse.jetty.server.ServerConnector">
      <Arg name="server"><Ref refid="Server" /></Arg>
      <Arg name="factories">
        <Array type="org.eclipse.jetty.server.ConnectionFactory">
          <Item>
            <!-- Expects the load balancer to prefix each connection with a
                 PROXY protocol header (separate from the X-Forwarded-* headers) -->
            <New class="org.eclipse.jetty.server.ProxyConnectionFactory"/>
          </Item>
          <Item>
            <New class="org.eclipse.jetty.server.HttpConnectionFactory">
              <Arg name="config"><Ref refid="httpConfig" /></Arg>
            </New>
          </Item>
        </Array>
      </Arg>
      <!-- Bound to localhost:8080 unless jetty.nonhttps.host/port are overridden -->
      <Set name="host"><Property name="jetty.nonhttps.host" default="localhost" /></Set>
      <Set name="port"><Property name="jetty.nonhttps.port" default="8080" /></Set>
      <Set name="idleTimeout"><Property name="http.timeout" default="30000" /></Set>
      <Set name="soLingerTime"><Property name="http.soLingerTime" default="-1"/></Set>
    </New>
  </Arg>
</Call>
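To make the error in the post concrete: the IdP's endpoint check compares the Destination attribute of the incoming SAML message with the URL the servlet container believes it received the request on. If the container only sees the plain-HTTP hop from the load balancer, the scheme is http and the comparison fails exactly as in the log above; rebuilding the URL from X-Forwarded-Proto is what makes it pass. The following Python is an added example written for this page, not Shibboleth, OpenSAML or Jetty code. The AuthnRequest, the header sets, the load-balancer address range (TRUSTED_PROXY_NETS) and the peer addresses are all constructed for the illustration. It also goes one step beyond the post: it only honours X-Forwarded-Proto when the connection comes from the load balancer, because a client that can reach the HTTP connector directly could otherwise claim https itself.

```python
"""Added example (not Shibboleth/OpenSAML/Jetty code): a SAML Destination
check behind a TLS-terminating load balancer, with and without honouring
X-Forwarded-Proto, and only from a trusted proxy address."""
import ipaddress
import xml.etree.ElementTree as ET

SAML2P_NS = "urn:oasis:names:tc:SAML:2.0:protocol"
SSO_PATH = "/idp/profile/SAML2/Redirect/SSO"

# Constructed for this example: the range the load balancer connects from,
# the load balancer's own address, and a direct Internet client.
TRUSTED_PROXY_NETS = ("10.0.0.0/8",)
LB_IP = "10.0.0.5"
CLIENT_IP = "203.0.113.7"

# Constructed minimal AuthnRequest; only the Destination attribute matters here.
SAMPLE_AUTHN_REQUEST = (
    f'<samlp:AuthnRequest xmlns:samlp="{SAML2P_NS}" ID="_example1" Version="2.0" '
    'IssueInstant="2016-06-22T08:31:53Z" '
    'Destination="https://myidp.mydomain.ca/idp/profile/SAML2/Redirect/SSO"/>'
)

# What the load balancer sends after terminating TLS (constructed).
HEADERS_FROM_LB = {
    "Host": "myidp.mydomain.ca",
    "X-Forwarded-For": CLIENT_IP,
    "X-Forwarded-Proto": "https",
}
# What a client reaching port 8080 directly could send to fake https (constructed).
HEADERS_SPOOFED = {"Host": "myidp.mydomain.ca", "X-Forwarded-Proto": "https"}


def saml_destination(xml_text):
    """Return the Destination attribute of a SAML 2.0 AuthnRequest."""
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{SAML2P_NS}}}AuthnRequest":
        raise ValueError("not a SAML 2.0 AuthnRequest")
    dest = root.get("Destination")
    if not dest:
        raise ValueError("AuthnRequest carries no Destination attribute")
    return dest


def from_trusted_proxy(peer_ip):
    """True when the TCP peer is inside one of the load-balancer ranges."""
    addr = ipaddress.ip_address(peer_ip)
    return any(addr in ipaddress.ip_network(net) for net in TRUSTED_PROXY_NETS)


def effective_request_url(peer_ip, headers, path, honor_forwarded=True):
    """Rebuild the URL the client used. Without a forwarded-proto step the
    plain-HTTP connector can only report http; with it, and only when the
    peer is the trusted proxy, the scheme comes from X-Forwarded-Proto."""
    h = {k.lower(): v for k, v in headers.items()}
    scheme = "http"  # what the offloaded connector sees on the wire
    if honor_forwarded and from_trusted_proxy(peer_ip):
        proto = h.get("x-forwarded-proto", "").split(",")[0].strip().lower()
        if proto in ("http", "https"):
            scheme = proto
    return f"{scheme}://{h['host']}{path}"


def check_incoming(xml_text, peer_ip, headers, path=SSO_PATH, honor_forwarded=True):
    """Return (recipient_url, matched): the pair the endpoint check logs."""
    url = effective_request_url(peer_ip, headers, path, honor_forwarded)
    return url, saml_destination(xml_text) == url


if __name__ == "__main__":
    for label, peer, hdrs, honor in (
        ("no forwarded-proto handling", LB_IP, HEADERS_FROM_LB, False),
        ("forwarded-proto from LB", LB_IP, HEADERS_FROM_LB, True),
        ("forwarded-proto spoofed by client", CLIENT_IP, HEADERS_SPOOFED, True),
    ):
        url, ok = check_incoming(SAMPLE_AUTHN_REQUEST, peer, hdrs, honor_forwarded=honor)
        print(f"{label:36} recipient={url} match={ok}")
```

The first case reproduces the mismatch from the log (Destination https, recipient http); the second is what a working ForwardedRequestCustomizer setup yields. Jetty's ForwardedRequestCustomizer has no trusted-proxy list of its own, so the peer-address check in the third case stands in for the network control you need in practice: the plain-HTTP connector must be reachable only from the load balancer, otherwise anyone who can hit port 8080 directly can assert X-Forwarded-Proto: https.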