Delegated Auth with
eric.dalquist at doit.wisc.edu
Thu Nov 3 17:19:31 GMT 2011
We turned on mod_log_forensic and see the following for the request in
the forensic log:
That seems to show the PAOS header coming through as expected. Is there
any way to turn up logging for mod_shib and/or the SP so that it dumps
out what it is seeing for headers?
On 11/02/2011 11:31 AM, Cantor, Scott wrote:
> On 11/2/11 12:10 PM, "Eric Dalquist"<eric.dalquist at doit.wisc.edu> wrote:
>> We had it working about a year ago but never rolled it out passed test
>> environments. When we got it working I think we were on 2.3.1 for the SP
>> and 2.2.1 for the IdP. We're on 2.4.3 for the SP and 2.3.2 for the IdP
> The SP has a bug when you use the new<SSO> syntax, but you're not doing
> that here, so the ECP support is basically the same as it was.
>> Just out of curiosity, what version of the SP is that
>> site running?
> 2.4.2 apparently.
>> Any tips for things we should look for in our Apache
>> config that could be preventing the headers from getting passed to the SP?
> I have to think they're getting broken out ahead of it. All you could
> probably do there is try and log them, maybe, or dump them out with a test
> script to see if it sees them.
> The code doesn't "fall back" to non-ECP if the headers are there. I just
> checked that specifically. There are various errors it will throw out if
> it thinks it's an ECP client and then finds anything wrong, so the problem
> should be with the headers.
> -- Scott
> To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 7430 bytes
Desc: S/MIME Cryptographic Signature
Url : http://shibboleth.net/pipermail/users/attachments/20111103/107eaccf/attachment-0001.bin
More information about the users