Delegated Auth with
Eric Dalquist
eric.dalquist at doit.wisc.edu
Tue Nov 1 16:00:26 GMT 2011
We're trying to get delegated auth working with SP 2.4.3 and having no
luck. We get to step 8 on the call diagram here:
https://spaces.internet2.edu/display/ShibuPortal/Configuring+Shibboleth+Delegation+for+a+Portal

Watching the portlet's HTTP wire traffic, the portlet is correctly
specifying the PAOS header and the Accept header is set to
application/vnd.paos+xml. The problem is the target server just treats
the request like any other web request. We've turned up logging in the
target SP and Apache and don't see any hints.

I've attached the shibboleth2.xml config for the delegation target SP
and the RelyingParty blocks from the IDP. In this case the portal SP is
my-predev and the delegation target is j2eedev.

Here is the request from the portlet to the delegation target SP and the
target's response:

GET /secure/printenv HTTP/1.1
Host: j2eedev.doit.wisc.edu
Connection: Keep-Alive
Accept: application/vnd.paos+xml
PAOS: ver="urn:liberty:paos:2003-08";"urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"

HTTP/1.1 302 Found
Date: Tue, 01 Nov 2011 15:39:45 GMT
Server: Apache/1.3.31 (Unix) mod_jk/1.2.15 mod_pubcookie/3.3.0a mod_ssl/2.8.18 OpenSSL/0.9.7d
Set-Cookie: _shibstate_f664402f=https%3A%2F%2Fj2eedev.doit.wisc.edu%2Fsecure%2Fprintenv; path=/
Expires: Wed, 01 Jan 1997 12:00:00 GMT
Cache-Control: private,no-store,no-cache,max-age=0
Location: https://logintest.wisc.edu/idp/profile/SAML2/Redirect/SSO?SAMLRequest=fZLNbsIwEIRfJfKdmIQQBYtESuFQJFoQSXvopXLiBVwZO%2FU60L59w08LvSD5trMzO588Rr5TDctbt9Ur%2BGwBnfe1UxrZaZCS1mpmOEpkmu8AmatZkT%2FNWej3WWONM7VRxMsRwTpp9MRobHdgC7B7WcPLap6SrXMNMko%2FQgABe18Y6fyDxNoH0dJiK6vKKHBbH9HQo3lIl4uiJN60u0ZqfvS9uiizkdp1k6uFFA3tbllLBZf9FQhpoXa0KBbEm01T8p5UYVINAxjEEY%2F5Wog4TqJRFParWARJUHcyxBZmGh3XLiVhPwh63esHZTBkgxGLhm%2FEW14qP0gtpN7c51OdRcgey3LZO3d6BYunPp2AZOMjZXYKtjfc79vyX9gku48W%2F9CO6U3QObVhz53zbLo0StbfXq6UOUwscAcpCQjNziv%2Fv0b2Aw%3D%3D&RelayState=cookie%3Af664402f
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=iso-8859-1
-------------- next part --------------
A non-text attachment was scrubbed...
Name: shibboleth2.xml
Type: text/xml
Size: 18784 bytes
Desc: not available
Url : http://shibboleth.net/pipermail/users/attachments/20111101/9cfdcd8e/attachment-0002.xml
-------------- next part --------------
A non-text attachment was scrubbed...
Name: relyingPartySnippet.xml
Type: text/xml
Size: 2010 bytes
Desc: not available
Url : http://shibboleth.net/pipermail/users/attachments/20111101/9cfdcd8e/attachment-0003.xml
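
The check made by eye on the wire trace above, as an added example that is not part of the original message: it tests whether a request carries the ECP signalling (Accept and PAOS headers), whether the SP answered with a PAOS response or an ordinary HTTP-Redirect AuthnRequest, and inflates the SAMLRequest for inspection. The hosts and sample messages are constructed, and the function names are this example's own.

```python
import base64, zlib
from urllib.parse import parse_qs, quote, urlsplit

PAOS_MIME = "application/vnd.paos+xml"
PAOS_VER = "urn:liberty:paos:2003-08"
ECP_SVC = "urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"

def parse_headers(raw):
    """Return (start_line, {lowercased-name: value}) for one HTTP message head."""
    lines = raw.strip().splitlines()
    fields = (line.partition(":") for line in lines[1:])
    return lines[0], {name.strip().lower(): value.strip() for name, _, value in fields}

def request_signals_ecp(raw_request):
    """True when the request advertises PAOS/ECP support in both required headers."""
    _, h = parse_headers(raw_request)
    paos = h.get("paos", "")
    return (PAOS_MIME in h.get("accept", "")
            and f'ver="{PAOS_VER}"' in paos and f'"{ECP_SVC}"' in paos)

def classify_response(raw_response):
    """Which flow the SP chose: 'paos', 'browser-redirect' or 'other'."""
    status, h = parse_headers(raw_response)
    code = status.split()[1]
    if code == "200" and h.get("content-type", "").startswith(PAOS_MIME):
        return "paos"              # SOAP envelope carrying the AuthnRequest
    if code in ("302", "303") and "SAMLRequest=" in h.get("location", ""):
        return "browser-redirect"  # SP ignored the PAOS headers
    return "other"

def decode_redirect_request(location):
    """Inflate the SAMLRequest of an HTTP-Redirect binding URL back to XML."""
    query = parse_qs(urlsplit(location).query)
    return zlib.decompress(base64.b64decode(query["SAMLRequest"][0]), -15).decode()

# Constructed sample data (hypothetical hosts), shaped like the exchange in the post.
SAMPLE_XML = ('<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
              'ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>')
SAMPLE_REQUEST = ('GET /secure/printenv HTTP/1.1\nHost: sp.example.org\n'
                  f'Accept: {PAOS_MIME}\nPAOS: ver="{PAOS_VER}";"{ECP_SVC}"\n')
_deflater = zlib.compressobj(9, zlib.DEFLATED, -15)  # raw DEFLATE, no zlib header
_blob = base64.b64encode(_deflater.compress(SAMPLE_XML.encode()) + _deflater.flush())
SAMPLE_RESPONSE = ('HTTP/1.1 302 Found\nLocation: https://idp.example.org/idp/profile/'
                   f'SAML2/Redirect/SSO?SAMLRequest={quote(_blob)}&RelayState=cookie%3Aabc\n')

if __name__ == "__main__":
    print(request_signals_ecp(SAMPLE_REQUEST), classify_response(SAMPLE_RESPONSE))
    print(decode_redirect_request(parse_headers(SAMPLE_RESPONSE)[1]["location"]))
```

A request that passes `request_signals_ecp` paired with a response classified as `browser-redirect` is the situation the message reports.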