I hope I will find my solution here. I have a production environment with 4 Windows servers, and each server hosts 4 applications within IIS. Each application is hosted as a separate site, and each has a specific port. I need to protect only one of all these applications with Shibboleth.

The application I want to protect has a binding set up without a hostname, just a specified port, port 8445 (I added the hostname inside the shibboleth2.xml file and that works). This setup is the same on each of the 4 servers. All 4 servers sit behind a load balancer, which receives the request via a certain domain name on port 443 and redirects the request to a specific server/port, in this case port 8445.

The problem arises because the IdP must target the domain name of the application, which is on the default port 443, but my SP generates metadata on port 8445. So when sending a request to the IdP, my SP generates an AuthenticationRequest like:

https://myDomainName.com:8445/Shibboleth.sso/SAML2/POST

And I sent the IdP edited metadata (not the generated metadata), which is actually correct and points to the NLB:

https://myDomainName.com/Shibboleth.sso/SAML2/POST

Those two URLs are not the same, and that's where the problem arises. How can I configure Shibboleth SP without touching the current infrastructure or NLB configuration? I am stuck, and the deadline is in sight!

P.S.: I'm using Shibboleth SP 3.

I tried everything I know; I have read the official documentation but didn't find any help.
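As an added example (not part of the original question and not the asker's real configuration), here is a constructed shibboleth2.xml fragment showing the mechanism the Shibboleth SP ISAPI module provides for exactly this reverse-proxy situation: the `<Site>` element's `scheme`, `port` and `sslport` attributes replace the scheme and port that IIS saw on the back end when the SP builds its own URLs (the handler URL it places in the AuthnRequest, and the URLs in generated metadata), while the IIS binding itself stays on 8445. The site `id="1"`, the entityIDs and the IdP hostname are placeholders; the real `id` is the numeric IIS site instance id of the protected site.

```xml
<!-- Constructed example fragment of shibboleth2.xml for Shibboleth SP 3 on IIS.
     Not the asker's file; ids, entityIDs and the IdP host are placeholders. -->
<SPConfig xmlns="urn:mace:shibboleth:3.0:native:sp:config"
          xmlns:conf="urn:mace:shibboleth:3.0:native:sp:config"
          clockSkew="180">

  <!-- BEFORE: the Site only maps the IIS instance to a hostname. The SP
       takes scheme and port from the request IIS received (port 8445),
       so every URL it derives, including the AssertionConsumerService
       URL inside the AuthnRequest, comes out as
       https://myDomainName.com:8445/Shibboleth.sso/...

  <ISAPI normalizeRequest="true" safeHeaderNames="true">
    <Site id="1" name="myDomainName.com"/>
  </ISAPI>
  -->

  <!-- AFTER: tell the SP what the client actually used when it talked to
       the load balancer. "port" applies when IIS sees the request as plain
       HTTP (TLS offloaded at the NLB), "sslport" when IIS sees it as HTTPS;
       setting both to 443 covers either way the NLB forwards. IIS still
       listens on 8445, nothing on the NLB changes. -->
  <ISAPI normalizeRequest="true" safeHeaderNames="true">
    <!-- id "1" is a placeholder: use the numeric IIS site instance id -->
    <Site id="1" name="myDomainName.com" scheme="https" port="443" sslport="443"/>
  </ISAPI>

  <!-- entityID is a constructed placeholder -->
  <ApplicationDefaults entityID="https://myDomainName.com/shibboleth"
                       REMOTE_USER="eppn">
    <!-- Keep handlerURL relative. The SP prefixes it with the scheme, host
         and port derived from the Site element above, so the handler
         becomes https://myDomainName.com/Shibboleth.sso/SAML2/POST,
         matching the metadata that was registered with the IdP. -->
    <Sessions lifetime="28800" timeout="3600" relayState="ss:mem"
              checkAddress="false" handlerSSL="true" cookieProps="https"
              handlerURL="/Shibboleth.sso">
      <!-- IdP entityID is a placeholder -->
      <SSO entityID="https://idp.example.org/idp/shibboleth">SAML2</SSO>
      <Handler type="MetadataGenerator" Location="/Metadata" signing="false"/>
    </Sessions>
  </ApplicationDefaults>
</SPConfig>
```

After restarting the Shibboleth daemon and IIS on each of the 4 servers, the quickest check is to fetch `https://myDomainName.com/Shibboleth.sso/Metadata` through the NLB and confirm that the `AssertionConsumerService` `Location` values no longer carry `:8445`; once the generated metadata matches what the IdP holds, the AuthnRequest's ACS URL will match as well.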