使用Azure Application Gateway(带有WAF)使用Shibboleth SSO保护服务器吗? [英] Use Azure Application Gateway (with WAF) to protect servers using Shibboleth SSO?
问题描述
是否有人成功配置了应用程序网关来保护运行Shibboleth SSO的服务器?
我正在尝试进行设置,但遇到麻烦.
Has anyone successfully configured an Application Gateway to protect servers running Shibboleth SSO?
I'm attempting to set this up but running into trouble.
到目前为止,除shibboleth之外,我已经能够在网关上使用ssl卸载来进行所有操作
没有主机标头.
我最初可以访问该网站的登录页面,并且在访问受shibboleth保护的页面时,系统会提示我进行身份验证.但是,身份验证过程尚未完成.而是弹出一个带有一般错误的网页
消息.
我敢肯定这是因为我没有在此配置的IIS绑定中使用主机头,所以shibboleth不知道将返回流量发布到何处.
So far, I've been able to get everything but shibboleth working using ssl offload at the gateway
without host headers.
I'm able to initially get to the landing page of the web site, and when accessing a page protected by shibboleth I am prompted to authenticate. However, the authentication process does not complete. Instead, a web page pops up with a generic error
message.
I'm sure this is happening because I am not using host headers in the IIS bindings for this configuration, so shibboleth doesn't know where to post the return traffic.
如果我尝试使用主机头,则在初始访问时我会立即收到502错误.我猜这是由于dns/fqdn设置冲突引起的,但不确定.
例如,我有一个指向网关ip地址的网站的cname,但是由于我对网站主机标头使用相同的dns名称,因此感到困惑.至少,我认为这是正在发生的事情,但确实不确定.
If I try to use host headers, I immediately get the 502 error on initial access. I'm guessing this is due to conflicting dns/fqdn settings but not sure.
For example, I have a cname for the website pointing to the gateway ip address, but since I'm using the same dns name for the web site host header, it gets confused. At least, that's what I think is happening but really not sure.
如果有人对如何做到这一点有任何建议,我将非常感激.
If anyone has advice for how to go about this I'd be very grateful.
预先感谢
推荐答案
与Azure AD集成,Azure WAF 将仅对您的Web应用程序提供集中保护.如果需要保护托管在Azure VM上的服务器,则可能需要应用其他Azure 安全服务.
To help you better we need some more details like how you are trying to set up this is you hosting Shibboleth server on Azure VM or integrating with Azure AD, Azure WAF will provide centralized protection of your web applications only. If you need to secure your server that hosted on Azure VM you might need to apply different Azure security service.
这篇关于使用Azure Application Gateway(带有WAF)使用Shibboleth SSO保护服务器吗?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
