Shibboleth + IIS and Pound Reverse Proxy

Posted by boburob on Server Fault See other posts from Server Fault or by boburob
Published on 2012-11-08T09:25:34Z Indexed on 2013/06/29 16:23 UTC
Read the original article Hit count: 392

Filed under:

iis

|

adfs

|

pound

|

shibboleth

Having a bit of a problem getting Shibboleth (SSO) working with ADFS and Pound.

The main problem seems to be that:

The website address will be https://website.domain.com
Pound will then terminate the SSL and forward the traffic to the webserver on a different port (http://server.domain.com:8888)

I have set up Shibboleth to protect the address http://server.domain.com:8888, which allows me to retrieve metadata and it all seems to be working fine. However the problem seems to be that ADFS is configured to protect the https website, so when Shibboleth attempts to recieve information from ADFS I get nothing except the following error:

A token request was received for a relying party identified by the key 
'https://msstagrevproxy.cwpintranet.com/shibboleth', but the request could not 
be fulfilled because the key does not identify any known relying party trust. 
Key: https://msstagrevproxy.cwpintranet.com/shibboleth

I am not really sure how I can work around this as to retrieve the metadata from Shibboleth I have to use the https address but this does not actually exist in Shibboleth or IIS.

Has anyone had any experience with this before or using any other SSO with a reverse proxy that works?

© Server Fault or respective owner

Related posts about iis

How to find and fix issue with Pound and HAProxy

as seen on Server Fault - Search for 'Server Fault'
Pound sits in front of HAProxy (on the same box) to perform SSL off-load. Requests are passed to 127.0.0.1:80 where HAProxy then balances the requests across backend servers for a hosted ASP .NET web app. A user is getting HTTP error 500 (Internal Server Error) returned to their browser this morning… >>> More
How to migrate deploy RESTful WCF Web Service from IIS 6.0 to IIS 7.0

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi all, I have a WCF Restful Web Service. It works find under VS and IIS 6.0. Now I want to move it to another work station with IIS 7.0 on it. I tried to copy all the deploy file from IIS 6 to IIS 7, but it cannot be accessed by other client, except for the request from it's own machine. I don't… >>> More
Server with IIS and Apache - how to SSL encrypt Apache with IIS

as seen on Server Fault - Search for 'Server Fault'
I have a Windows Server 2003 box already setup and working with IIS 6. IIS is set to serve a site out over both HTTP and HTTPS connections using default ports. For various reasons I need to set Apache up on the same server and it needs to serve its pages to end-users as SSL encrypted HTTPS pages… >>> More
Having IIS remote management problem with my vista machine managing Server 2008 IIS 7.5

as seen on Server Fault - Search for 'Server Fault'
I am trying to use IIS 7 Remote Management installed on Vista Ultimate SP1. Connection is to IIS 7.5 on Windows Server 2008 Webserver R2. Tried on both full & core install. When I connect up, the console wants to download and install new features. Microsoft.Web.Management.IisClient 7.5.0.0 Microsoft… >>> More
MVC4 App opens with directory listing and gives a 404 for any direct URL's entered in the browser

as seen on Pro Webmasters - Search for 'Pro Webmasters'
I've just deployed a previously (on my local IIS) working MVC4 app to IIS 7.5 on the dev server. After tweaking this and that - one knows how these things get forgotten - the app finally launches, but shows a directory listing of the app root. Clicking on most links there works, opening the directory… >>> More

Related posts about adfs

WIF, ADFS 2 and WCF–Part 3: ADFS Setup

as seen on Least Privilege - Search for 'Least Privilege'
In part 1 of this series I briefly gave an overview of the ADFS / WS-Trust infrastructure. In part 2 we created a basic WCF service that uses ADFS for authentication. This part will walk you through the steps to register the service in ADFS 2. I could provide screenshots for all the wizard… >>> More
ADFS in Asp.Net

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi All, Suggest me with some informative links about working with ADFS in Asp.Net 3.5 and its related downloads. >>> More
ADFS 2.1 proxy trust establishment error

as seen on Server Fault - Search for 'Server Fault'
I'm trying to install an ADFS proxy. In our intranet we have a ADFS 2.1 server running on Windows 2012 which is working fine. Now we're trying to deploy a proxy to this one for internet access, using Windows 2012 R2's Web Application Proxy. I'm getting the following error on the proxy server, event… >>> More
Bind ADFS 2.0 service to a specific IP address

as seen on Server Fault - Search for 'Server Fault'
I have one server with ADFS-2.0 and a few websites on it. One of the websites is Dynamics CRM which listens on a specific IP address on port 443. Dynamics CRM provides a metadata file for configuration purposes which could be used to configure a relaying party trust with ADFS. It is accessible with… >>> More
How to install ADFS 3.0 in standalone mode?

as seen on Server Fault - Search for 'Server Fault'
I've installed Windows 2012 R2 and enabled the ADFS (3.0?) feature. After installation, it asks to configure ADFS, but this step requires a user account that is a domain administrator, as it wants to create certificate containers and SPN records. In ADFS 2.0, you could install in standalone mode… >>> More