Why does the Shibboleth IdP idp-metadata.xml suggest using 8443 for SOAP?

Time: 2014-06-03 15:25:48

Tags: xml soap metadata shibboleth

After running install.sh of the 2.4.0 Shibboleth Identity Server, the idp-metadata.xml file is created. Why is that? Is using the standard HTTPS / 443 port not secure enough?

    <ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://idp.example.com:8443/idp/profile/SAML1/SOAP/ArtifactResolution" index="1"/>
    <ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://idp.example.com:8443/idp/profile/SAML2/SOAP/ArtifactResolution" index="2"/>
    <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://idp.example.com:8443/idp/profile/SAML2/SOAP/SLO" />
    <AttributeService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://idp.example.com:8443/idp/profile/SAML1/SOAP/AttributeQuery"/>
    <AttributeService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://idp.example.com:8443/idp/profile/SAML2/SOAP/AttributeQuery"/>

Thanks,

Tamas

1 answer:

Answer 0: (score: 0)

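On Linux, a non-privileged user such as "tomcat" cannot bind to ports below 1024. Front-end load balancers like Apache and Nginx are started as user root in order to bind to privileged ports such as port 80 and port 443. A common setup involves running the Tomcat instance on an unprivileged port such as 8080 or 8443 and then proxying that port through Apache or Nginx.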
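An added example, not part of the answer above and not Shibboleth code: a small Python audit that lists every endpoint advertised in an IdP metadata file with its binding and port, and marks which ports a non-root process could not bind itself. The sample metadata is constructed from the question's endpoints; the wrapper elements and the `SingleSignOnService` entry on the default port are assumptions added for contrast.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

DEFAULT_PORTS = {"https": 443, "http": 80}

# Constructed sample: the five endpoints from the question, wrapped in assumed
# descriptor elements, plus one assumed front-channel endpoint on the default port.
SAMPLE = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://idp.example.com/idp/shibboleth">
 <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://idp.example.com:8443/idp/profile/SAML1/SOAP/ArtifactResolution" index="1"/>
  <ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://idp.example.com:8443/idp/profile/SAML2/SOAP/ArtifactResolution" index="2"/>
  <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://idp.example.com:8443/idp/profile/SAML2/SOAP/SLO"/>
  <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://idp.example.com/idp/profile/SAML2/Redirect/SSO"/>
 </IDPSSODescriptor>
 <AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <AttributeService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://idp.example.com:8443/idp/profile/SAML1/SOAP/AttributeQuery"/>
  <AttributeService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://idp.example.com:8443/idp/profile/SAML2/SOAP/AttributeQuery"/>
 </AttributeAuthorityDescriptor>
</EntityDescriptor>"""

def endpoints(metadata_xml):
    """Return one row per element that carries both Binding and Location."""
    rows = []
    # For metadata from an untrusted source, parse with defusedxml instead.
    for el in ET.fromstring(metadata_xml).iter():
        loc, binding = el.get("Location"), el.get("Binding")
        if not loc or not binding:
            continue
        url = urlsplit(loc)
        port = url.port or DEFAULT_PORTS.get(url.scheme)
        rows.append({
            "service": el.tag.split("}")[-1],          # strip the XML namespace
            "binding": binding.rsplit(":", 1)[-1],     # e.g. SOAP, HTTP-Redirect
            "port": port,
            # Ports below 1024 are privileged on Linux: a non-root "tomcat"
            # user cannot bind them, so a root-started front end must.
            "needs_root_bind": port is not None and port < 1024,
        })
    return rows

def by_port(rows):
    """Group 'Service (binding)' labels under the port that serves them."""
    grouped = {}
    for r in rows:
        grouped.setdefault(r["port"], []).append(f'{r["service"]} ({r["binding"]})')
    return grouped

if __name__ == "__main__":
    for port, services in sorted(by_port(endpoints(SAMPLE)).items()):
        owner = "root-started front end" if port < 1024 else "unprivileged process"
        print(f"port {port} ({owner}):")
        for s in services:
            print(f"  {s}")
```

Running the same functions over a deployed idp-metadata.xml shows which advertised ports the firewall and the front-end proxy have to expose for the published endpoints to be reachable.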