In our intranet configuration, we have the IdP and SP on the same server behind the load balancer.
The balancer is configured to increase server performance, so the SSL encryption is handled by the load balancer.
The client talks to the LB on port 443; the LB talks to the servers on port 80.
The IdP is deployed under Tomcat; Apache invokes Tomcat via mod_jk.
In Apache we have set ServerName to https://example.org:443 and UseCanonicalName to On, and we receive this error from the IdP:
16:21:50.060 - DEBUG [org.opensaml.common.binding.decoding.BaseSAMLMessageDecoder:190] - Checking SAML message intended destination endpoint against receiver endpoint
16:21:50.061 - DEBUG [org.opensaml.common.binding.decoding.BaseSAMLMessageDecoder:209] - Intended message destination endpoint: https://example.org/idp/profile/SAML2/Redirect/SSO
16:21:50.061 - DEBUG [org.opensaml.common.binding.decoding.BaseSAMLMessageDecoder:210] - Actual message receiver endpoint: http://example.org/idp/profile/SAML2/Redirect/SSO
16:21:50.062 - ERROR [org.opensaml.common.binding.decoding.BaseSAMLMessageDecoder:214] - SAML message intended destination endpoint 'https://example.org/idp/profile/SAML2/Redirect/SSO' did not match the recipient endpoint 'http://www-svil.inarcassa.it/idp/profile/SAML2/Redirect/SSO'
16:21:50.064 - WARN [edu.internet2.middleware.shibboleth.idp.profile.saml2.SSOProfileHandler:337] - Message did not meet security requirements
org.opensaml.xml.security.SecurityException: SAML message intended destination endpoint did not match recipient endpoint
Where are we wrong?
Thank you
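The log above shows the two URLs the decoder compares: the Destination the SP put in the AuthnRequest (https://...) and the receiver endpoint the IdP rebuilds from the request as the servlet container presents it (http://..., because TLS was terminated at the balancer and Tomcat only ever sees a plain-HTTP connection). The following Python block is an added model of that comparison, written for this page; it is not OpenSAML or Shibboleth code, and the request object, the trusted-proxy list and the constructed sample request are assumptions made for the illustration. It shows why the mismatch occurs, that a default port (":443") is not significant after canonicalization, and what changes once the container is told the original request was HTTPS (in Tomcat that is done on the connector, e.g. with the scheme, secure, proxyName and proxyPort attributes, or by having the container trust a forwarded-protocol header from the balancer). The model only honours X-Forwarded-Proto when the peer is a listed trusted proxy, because an untrusted client could otherwise spoof the scheme.

```python
"""Model of the SAML "intended destination vs. receiver endpoint" check.

Added illustration for this page, not OpenSAML code. The receiver endpoint
is rebuilt from what the servlet container reports for the request, so a
TLS-terminating load balancer yields "http://..." unless the container is
made aware of the original scheme.
"""
from dataclasses import dataclass, field
from urllib.parse import urlsplit, urlunsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


def canonicalize(url: str) -> str:
    """Lower-case scheme and host, drop a default port, drop query/fragment,
    so that 'https://example.org:443/x' and 'https://example.org/x' compare equal."""
    p = urlsplit(url)
    scheme = p.scheme.lower()
    host = (p.hostname or "").lower()
    port = p.port
    if port is None or DEFAULT_PORTS.get(scheme) == port:
        netloc = host
    else:
        netloc = f"{host}:{port}"
    return urlunsplit((scheme, netloc, p.path, "", ""))


@dataclass
class Request:
    """Assumed minimal view of an inbound request as the container sees it."""
    scheme: str           # scheme of the connection the container accepted
    host: str             # server name the container reports
    port: int             # server port the container reports
    path: str
    remote_addr: str      # peer address (the balancer, when behind one)
    headers: dict = field(default_factory=dict)


def receiver_endpoint(req: Request, trusted_proxies=()) -> str:
    """Rebuild the endpoint URL the message actually arrived at.

    Only a request that comes from a listed trusted proxy may override the
    scheme via X-Forwarded-Proto; anyone else could spoof the header.
    """
    scheme, port = req.scheme, req.port
    if req.remote_addr in trusted_proxies:
        fwd = req.headers.get("X-Forwarded-Proto", "").lower()
        if fwd in DEFAULT_PORTS:
            scheme = fwd
            port = int(req.headers.get("X-Forwarded-Port", DEFAULT_PORTS[fwd]))
    return canonicalize(f"{scheme}://{req.host}:{port}{req.path}")


def check_destination(intended: str, req: Request, trusted_proxies=()):
    """Return (ok, actual_endpoint); ok is False when the message must be rejected."""
    actual = receiver_endpoint(req, trusted_proxies)
    return canonicalize(intended) == actual, actual


# Constructed sample: what the IdP sees when the balancer terminates TLS and
# forwards to port 80, with the balancer adding X-Forwarded-Proto.
INTENDED = "https://example.org/idp/profile/SAML2/Redirect/SSO"
SAMPLE = Request(
    scheme="http", host="example.org", port=80,
    path="/idp/profile/SAML2/Redirect/SSO",
    remote_addr="10.0.0.1",
    headers={"X-Forwarded-Proto": "https"},
)
BALANCER = ("10.0.0.1",)

if __name__ == "__main__":
    ok, actual = check_destination(INTENDED, SAMPLE)
    print("without proxy awareness:", ok, actual)
    ok, actual = check_destination(INTENDED, SAMPLE, BALANCER)
    print("with trusted balancer:  ", ok, actual)
```

Without the container knowing about the balancer the rebuilt endpoint is http://example.org/idp/profile/SAML2/Redirect/SSO and the check fails exactly as in the log; once the container reports the original scheme (here by trusting the balancer's header, in Tomcat by the connector settings mentioned above) the rebuilt endpoint becomes https://... and the comparison succeeds. Apache's own ServerName value is not what is compared here; what matters is the scheme, host and port the servlet container hands to the IdP.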