Is it possible to have a common Shibboleth SP configured at a single place (like at any middleware), so that all applications which reside in different domains on different servers can use it for SSO authentication? And all the applications can communicate among themselves via the common SP. Do you see any fault in this design?
1 Answer
0
To be most efficient, the SP needs to be installed on the same host as the web application. Multiple physical SPs can have identical entityIDs/configurations/metadata - effectively becoming a single logical SP for your organization, which exists on all of your webservers needing SSO authentication.
See the Shib doc explaining the difficulty involved with having web applications protected by a Service Provider operating on a separate physical server.
https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPOneMany

HOG Wild
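A consistency check for the "one logical SP on many hosts" layout described in the answer, as an added example that is not part of the original answer or of the Shibboleth project. The host names, entityID values and the function name `check_logical_sp` are constructed for illustration, and it assumes the shared metadata must carry one AssertionConsumerService endpoint per web server.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

SP_NS = "{urn:mace:shibboleth:2.0:native:sp:config}"
MD_NS = "{urn:oasis:names:tc:SAML:2.0:metadata}"
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

def _cfg(entity_id):
    # Constructed shibboleth2.xml excerpt: only the element this check reads.
    return (f'<SPConfig xmlns="{SP_NS[1:-1]}">'
            f'<ApplicationDefaults entityID="{entity_id}"/></SPConfig>')

def _acs(index, host):
    return (f'<AssertionConsumerService index="{index}" Binding="{POST}" '
            f'Location="https://{host}/Shibboleth.sso/SAML2/POST"/>')

# Constructed sample input: per-host SP configs (hypothetical hosts).
HOST_CONFIGS = {
    "app1.example.org": _cfg("https://sp.example.org/shibboleth"),
    "app2.example.net": _cfg("https://sp.example.org/shibboleth"),
    "app3.example.com": _cfg("https://app3.example.com/shibboleth"),  # drifted
}
# Constructed metadata for the logical SP, as it would be given to the IdP.
SP_METADATA = (
    f'<EntityDescriptor xmlns="{MD_NS[1:-1]}" '
    'entityID="https://sp.example.org/shibboleth"><SPSSODescriptor '
    'protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">'
    + _acs(1, "app1.example.org") + _acs(2, "app3.example.com")
    + '</SPSSODescriptor></EntityDescriptor>')

def check_logical_sp(host_configs, metadata_xml):
    """Return a list of problems that break the single-logical-SP setup."""
    md = ET.fromstring(metadata_xml)
    md_entity = md.get("entityID")
    acs_hosts = {urlparse(a.get("Location")).hostname
                 for a in md.iter(MD_NS + "AssertionConsumerService")}
    problems = []
    for host, xml_text in sorted(host_configs.items()):
        app = ET.fromstring(xml_text).find(SP_NS + "ApplicationDefaults")
        entity = app.get("entityID") if app is not None else None
        if entity != md_entity:
            problems.append(f"{host}: entityID {entity!r} differs from "
                            f"metadata {md_entity!r}")
        if host not in acs_hosts:
            problems.append(f"{host}: no AssertionConsumerService endpoint "
                            "in metadata")
    return problems

if __name__ == "__main__":
    for line in check_logical_sp(HOST_CONFIGS, SP_METADATA):
        print(line)
```
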