Aliases fail when shibboleth session has not be established.
Without an active shibboleth session, using the aliases poms, pomsdev or pomsint in the link https://poms.fnal.gov/poms/ produces the following error:
The system encountered an error at Wed Apr 18 09:34:53 2018
To report this problem, please contact the site administrator at firstname.lastname@example.org.
Please include the following message in any email:
opensaml::FatalProfileException at (https://pomsgpvm01.fnal.gov/Shibboleth.sso/SAML2/POST)
SAML response reported an IdP error.
Error from identity provider:
Message: Unknown AssertionConsumerServiceURL https://poms.fnal.gov/Shibboleth.sso/SAML2/POST
#3 Updated by Marc Mengel about 2 years ago
So doing testing on fermicloud045, the probblem is not what RewriteRules we had, it was where we had them. Some have to be out in the default host, (i.e. the ones that redirect to https: if SSL is not enabled), others have to be in the ssl.conf in the <VirtualHost> block for the SSL enabled server -- otherwise they don't happen.
So we need to do the same to pomsgpvm01 on our next downtime...