Menu
▾
▴
Re: [Unity-idm-discuss] Handle multiple certificates/domains for webserver part
|
From: Sander A. <sa....@fz...> - 2020-09-24 11:25:47
|
Dear Krzysztof, thanks for the feedback. When we started with our first unity, it did not work behind a reverse proxy. I'll give it a new try, when I find some time. Cheers, Sander On Thu, 2020-09-24 at 13:13 +0200, Krzysztof Benedyczak wrote: > Dear Sander, > > W dniu 23.09.2020 o 14:09, Sander Apweiler pisze: > > Dear Krzysztof, > > > > we switched in one of our instances the domain this summer. All > > connected services already use the new domain, but users still > > found > > the old domain and got a certificate mismatch warning from the > > browser. > > Because the different domains are owned by different centres, we > > can't > > use a certificate containing both domains. > > > > Is it possible to use two certificates and domain names in unity > > for > > the webserver part? SAML and OAuth should be still handled with one > > domain/entity ID. Separating webserver certificates from SAML/OAuth > > should be possible with different credential definitions. > > Technically it is possible. The feature you are asking for is SNI > extension of the TLS protocol. It is supported by Jetty and Java > which > Unity is using but Unity currently doesn't offer a way to setup > Jetty > with multiple credentials. > > We can have it implemented, however I can point you out to an > alternative solution: you can expose Unity behind a (reverse) proxy > server, like Apache. Unity supports it pretty well, we use it in > production often. Then you get access to all features of the Apache > (or > other) server, where you can setup for instance SNI. > > HTH > Krzysztof > -- Federated Systems and Data Juelich Supercomputing Centre phone: +49 2461 61 8847 fax: +49 2461 61 6656 email: sa....@fz... ---------------------------------------------------------------------- ----------------------------------------------------------------------- Forschungszentrum Juelich GmbH 52425 Juelich Sitz der Gesellschaft: Juelich Eingetragen im Handelsregister des Amtsgerichts Dueren Nr. HR B 3498 Vorsitzender des Aufsichtsrats: MinDir Volker Rieke Geschaeftsfuehrung: Prof. Dr.-Ing. Wolfgang Marquardt (Vorsitzender), Karsten Beneke (stellv. Vorsitzender), Prof. Dr.-Ing. Harald Bolt ----------------------------------------------------------------------- ----------------------------------------------------------------------- |
