[prev in list] [next in list] [prev in thread] [next in thread]
List: shibboleth-users
Subject: Re: Remote SP Server
From: "Cantor, Scott via users" <users () shibboleth ! net>
Date: 2023-08-30 17:54:16
Message-ID: 43631DCA-A2DE-477D-B64E-DFC2227826D6 () osu ! edu
[Download RAW message or body]
> Thank you Scott! I kind of figured this out, but wanted to check. Basically, I
> have about 60 customers on AWS servers and am trying to make it easier to
> deploy these servers from an AMI.
AWS more or less solves your private network problem, but...
Some of the configuration is only needed on the shibd side, but there is a \
non-trivial amount still required to operate the filter and there is no support for \
directly installing only that portion.
Finally, for this to work at all, you have to avoid a naïve protection strategy and \
limit the protected resources to the bare minimum so that the traffic to shibd is \
infrequent, usually just an entry point.
If you protect a page with a bunch of images and Javascript files, and turn it into \
50 requests to the server, every one of those hits shibd and your system will grind \
to a halt because all networks are insanely slow when compared to loopback latency.
-- Scott
--
For Consortium Member technical support, see \
https://shibboleth.atlassian.net/wiki/x/ZYEpPw To unsubscribe from this list send an \
email to users-unsubscribe@shibboleth.net
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic