[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: v2 Cartridge Question

Hi Braswell,

What you can try to do is to enable ssl_to_gear and then review the port mapping in the environment. You can review how Sebastian has done that for the Websphere Admin Console that had to use the same workaround. I am not sure if that really helps you but at least it gives you an idea.


and to access the https port see



Juergen Hoffmann
Senior Enterprise Solution Architect
Team Lead Infrastructure Solution Architects DACH

Red Hat GmbH
60308 Frankfurt

Office: +49 69 - 365051 - 025 (internal: 75025)
Cell: +49 172 - 678 35 02
Fax: +49 69 365051 - 001

Delivering value year after year

Red Hat ranks #1 in value among software vendors


Red Hat GmbH, http://www.de.redhat.com
Registered seat: Grasbrunn, 
Commercial register: Amtsgericht Muenchen, HRB 153243,
Managing Directors: Charles Cachera, Michael Cunningham, Michael O'Neill, Charles Peters

On 13.05.2015, at 17:32, Braswell, Stephen <stephen unc edu> wrote:

Hi everyone,

I wanted to followup to see if anyone had any ideas on this.  I've continued to try various things but have not had any success.



On May 8, 2015, at 2:41 PM, Braswell, Stephen <stephen unc edu> wrote:

Hi everyone,

So I'm developing a custom v2 cartridge to add our single sign-on solution (Shibboleth) to our OpenShift Enterprise environment.  Shibboleth has an Apache module component that connects to a daemon that runs in the background.  I've worked around all of the issues there are with how the Apache module bit is another "web technology" cartridge but there is one piece that I'm unable to resolve.

Shibboleth is expecting the URL scheme to be https all the way through but the front end proxy at the node is terminating SSL so the backend URL scheme is http.  In a standard Apache environment with a load balancer/SSL terminator, there are mechanisms to deal with this by setting Apache directives but those only work in <VirtualHost> stanzas.  I tried to fake things out using either 'tohttps' or 'ssl_to_gear' in the manifest but since Shibboleth doesn't have an HTTP-based service listening on the backend (Apache module is in main running httpd) so I haven't been able to get that working.

Does any have any ideas on how to get https all the way through or at least fake it out so Shibboleth thinks it is https?  Hopefully my explanation of the situation makes sense.

Thanks for any ideas,


dev mailing list
dev lists openshift redhat com

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]