2.4.0 Shibboleth Identity Server的install.sh安装完成后,创建了idp-metadata.xml文件。为什么呢?使用标准HTTPS/443端口不够安全吗?
<ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://idp.example.com:8443/idp/profile/SAML1/SOAP/ArtifactResolution" index="1"/>
<ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://idp.example.com:8443/idp/profile/SAML2/SOAP/ArtifactResolution" index="2"/>
<SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://idp.example.com:8443/idp/profile/SAML2/SOAP/SLO" />
<AttributeService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://idp.example.com:8443/idp/profile/SAML1/SOAP/AttributeQuery"/>
<AttributeService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://idp.example.com:8443/idp/profile/SAML2/SOAP/AttributeQuery"/>
谢谢,Tamas
使用Linux,像"tomcat"这样的非特权用户不能绑定1024以下的端口。前端负载均衡器(如Apache和Nginx)以root用户启动,绑定到特权端口,如端口80和端口443。常见的设置包括在非特权端口上运行Tomcat实例,如8080或8443,然后通过Apache或Nginx代理该端口。