When using Single Sign-on with stateless mode and/or ZDU, the following additional issues should be considered:
-
When the base URI is changed a new Relying Party will be needed in ADFS
-
The following values should reference the proxy server/load balancer, not the app server:
-
MPConfiguration.xml.vm (in depconfig/templates/jboss)
-
AppServerHost - The server name and port should reference the LB
The protocol can be either http or https
-
-
logonconfig.xml.tmpl (in depconfig/templates/jboss)
-
logonURL - The server name and port should reference the LB
The protocol can be either http or https
The @BASE_URI@ must remain in the string if a base URI is used
-
-
sp.xml.tmpl (in depconfig/templates/tomcat/servlets/sso)
-
The @EXT_HTTP_SERVER_NAME@:@EAM_HTTPS_PORT@ tokens should be replaced with the correct values for the proxy server
-
The protocol must be https
-
The @BASE_URI@ token must remain in the string if a base URI is used
-
-