Discussion:
HAProxy / shibboleth ( SP ) authentication question
Imam Toufique
2018-10-13 08:26:21 UTC
Hello,

I have been searching for an answer whether HAProxy can forward
authentication request from shibboleth SP.

Here is my proposed setup for delivering some web contents.

A. load balancer is HAProxy
B. 3 web servers behind HA proxy

--> clients go to the proxy address: https://example.com

--> shibboleth SP is installed on the LB node ( where HA proxy is running )
--> HAProxy will call in shibboleth for authentication

--> 'valid-user' will be passed through HAProxy to the web server

--> user will be granted access to the site.

I am not sure if HAProxy has anything more than basic
authentication support. At least I could not find anything.

any feedback on this will be appreciated, very much.

thanks
Gibson, Brian (IMS)
2018-10-13 10:42:27 UTC
I have experience with this. The main concern is that shibboleth needs to retain shared session data between all the service provider instances. I accomplished this with a postgres database. If you'd like more information you can contact me offline from the haproxy list since it's not really related.

________________________________
From: Aleksandar Lazic <al-***@none.at>
Sent: Saturday, October 13, 2018 5:23 AM
To: Imam Toufique; haproxy
Subject: Re: HAProxy / shibboleth ( SP ) authentication question

Hi.
Post by Imam Toufique
> Hello,
> I have been searching for an answer whether HAProxy can forward authentication
> request from shibboleth SP.

With SP you mean Service Provider, right?

https://wiki.shibboleth.net/confluence/display/SP3

Post by Imam Toufique
> Here is my proposed setup for delivering some web contents.
> A. load balancer is HAProxy
> B. 3 web servers behind HA proxy
> --> clients go to the proxy address: https://example.com
> --> shibboleth SP is installed on the LB node ( where HA proxy is running )
> --> HAProxy will call in shibboleth for authentication
> --> 'valid-user' will be passed through HAProxy to the web server
> --> user will be granted access to the site.
> I am not sure if HAProxy has anything more than basic authentication support.
> At least I could not find anything.
> any feedback on this will be appreciated, very much.

I think https://github.com/TimWolla/haproxy-auth-request could help here; the
"Doc" is here: https://bl.duesterhus.eu/20180119/ .

Post by Imam Toufique
> thanks
Regards
Aleks

