[Shib-Users] Cluster Shibboleth SP with Shared Process


Nikethan Nagula Raja

Jan 25, 2010, 8:39:34 PM
to shibbole...@internet2.edu
Our configuration has two web servers (WEB1 and WEB2) and we don't
want to enable stickiness at the load balancer level. So we have
decided to use SP clustering with shared shibd process. So I have
configured shibboleth2.xml file on the WEB1 host with the following
line and started the daemon without any problem.

<TCPListener address="W.W.W.W" port="1600" acl="W.W.W.W X.X.X.X"/>

Where W.W.W.W is the IP Address of WEB1
X.X.X.X is the IP address of WEB2

Now I would like to configure Apache with loaded mod_shib_22.so on
WEB2 to connect to shibd process on WEB1. How do I do that?


Thanks,

Nikethan
312 953 7538

Scott Cantor

Jan 25, 2010, 8:48:21 PM
to shibbole...@internet2.edu
Nikethan Nagula Raja wrote on 2010-01-25:
> Our configuration has two web servers (WEB1 and WEB2) and we don't
> Now I would like to configure Apache with loaded mod_shib_22.so on
> WEB2 to connect to shibd process on WEB1. How do I do that?

Using the same XML.

-- Scott


nike...@us-buxton.com

Jan 26, 2010, 2:49:49 PM
to shibbole...@internet2.edu
Scott,

When I use the same XML I get the following error in shibd.log

2010-01-26 01:07:23 ERROR Shibboleth.Listener : socket call resulted in error (99): no message
2010-01-26 01:07:23 CRIT Shibboleth.Listener : failed to bind to socket.

-Nikethan

Scott Cantor

Jan 26, 2010, 3:01:23 PM
to shibbole...@internet2.edu

If it's not binding, that's not anything I can diagnose for you, but why are
you running shibd on a box that's trying to use a remote instance of the
service? The client end doesn't call bind, only the shibd half does.

-- Scott
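
An added example, not part of the thread and not Shibboleth code: a Python check that reads the `TCPListener` element from a shared shibboleth2.xml and reports whether the current host can bind the listener address (and so should run shibd) or can only act as a client, which is the situation behind the error (99) above. The sample XML, the 192.0.2.x addresses, the function names and the exact-match ACL comparison are assumptions made for illustration.

```python
import errno
import socket
import xml.etree.ElementTree as ET

# Constructed sample configs (not from the thread). 127.0.0.1 stands in for an
# address owned by this host, 192.0.2.10 (TEST-NET-1) for WEB1 as seen from WEB2.
LOCAL_XML = '<SPConfig><TCPListener address="127.0.0.1" port="1600" acl="127.0.0.1 192.0.2.20"/></SPConfig>'
REMOTE_XML = '<SPConfig><TCPListener address="192.0.2.10" port="1600" acl="192.0.2.10 192.0.2.20"/></SPConfig>'


def listener_settings(xml_text):
    """Return (address, port, acl_list) from the first TCPListener element."""
    for el in ET.fromstring(xml_text).iter():
        if el.tag.rsplit("}", 1)[-1] == "TCPListener":  # ignore any XML namespace
            return el.get("address"), int(el.get("port")), el.get("acl", "").split()
    raise ValueError("no TCPListener element found")


def bind_error(address):
    """Try to bind an ephemeral port on address; return None or the errno."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        try:
            s.bind((address, 0))
            return None
        except OSError as exc:
            return exc.errno


def host_role(xml_text):
    """'shibd' if this host owns the listener address, otherwise 'client'."""
    address, _port, _acl = listener_settings(xml_text)
    err = bind_error(address)
    if err is None:
        return "shibd"
    if err == errno.EADDRNOTAVAIL:  # reported as error (99) on Linux
        return "client"
    raise OSError(err, "unexpected bind failure for " + address)


def acl_allows(xml_text, client_ip):
    """Exact-match check against the acl attribute (assumes plain IP entries)."""
    return client_ip in listener_settings(xml_text)[2]


if __name__ == "__main__":
    for name, xml_text in (("local", LOCAL_XML), ("remote", REMOTE_XML)):
        print(name, listener_settings(xml_text), "->", host_role(xml_text))
```
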


nike...@us-buxton.com

Jan 26, 2010, 6:03:43 PM
to shibbole...@internet2.edu
Scott,

I should not have started that shibd on web2. That was my bad.

Now if I use Apache only on web2 and shibd on web1, the user is redirected after authentication to http://web2.example.org instead of http://lms.example.org (load balancer domain name).

ServerName in httpd.conf for web1 and web2 is set to lms.example.org

But if I have Apache and shibd on web1 running and web2 Apache shut down, everything works fine.

Both web1 and web2 Apache are configured exactly the same (they are rsynced copies). Even the Shibboleth config files are identical.

Any idea why Apache on web2 is redirecting to web instead of lms.example.org?

-Nikethan

Scott Cantor

Jan 26, 2010, 7:44:53 PM
to shibbole...@internet2.edu
nike...@us-buxton.com wrote on 2010-01-26:
> ServerName in httpd.conf for web1 and web2 is set to lms.example.org

If that's true, then it has to be coming from some setting you created. I'd
look at homeURL in the SP and perhaps the ACS endpoints in the metadata.

> Any idea why Apache on web2 is redirecting to web instead of
> lms.example.org?

You have to be telling it to, basically. There has to be a reference to that
hostname somewhere.

-- Scott
