[prev in list] [next in list] [prev in thread] [next in thread] 

List:       shibboleth-users
Subject:    Re: Remote SP Server
From:       "Cantor, Scott via users" <users () shibboleth ! net>
Date:       2023-08-30 17:54:16
Message-ID: 43631DCA-A2DE-477D-B64E-DFC2227826D6 () osu ! edu
[Download RAW message or body]

> Thank you Scott! I kind of figured this out, but wanted to check. Basically, I
> have about 60 customers on AWS servers and am trying to make it easier to
> deploy these servers from an AMI.

AWS more or less solves your private network problem, but...

Some of the configuration is only needed on the shibd side, but there is a \
non-trivial amount still required to operate the filter and there is no support for \
directly installing only that portion.

Finally, for this to work at all, you have to avoid a naïve protection strategy and \
limit the protected resources to the bare minimum so that the traffic to shibd is \
infrequent, usually just an entry point.

If you protect a page with a bunch of images and Javascript files, and turn it into \
50 requests to the server, every one of those hits shibd and your system will grind \
to a halt because all networks are insanely slow when compared to loopback latency.

-- Scott


-- 
For Consortium Member technical support, see \
https://shibboleth.atlassian.net/wiki/x/ZYEpPw To unsubscribe from this list send an \
email to users-unsubscribe@shibboleth.net


[prev in list] [next in list] [prev in thread] [next in thread]