Delegated Auth with

Eric Dalquist eric.dalquist at doit.wisc.edu
Thu Nov 3 17:19:31 GMT 2011


We turned on mod_log_forensic and see the following for the request in 
the forensic log:

+22677:4eb2cc10:13|GET /secure/printenv HTTP/1.1|Host:my-dev.doit.wisc.edu|Connection:Keep-Alive|Accept:application/vnd.paos+xml|PAOS:ver="urn%3aliberty%3apaos%3a2003-08";"urn%3aoasis%3anames%3atc%3aSAML%3a2.0%3aprofiles%3aSSO%3aecp"

That seems to show the PAOS header coming through as expected. Is there 
any way to turn up logging for mod_shib and/or the SP so that it dumps 
out what it is seeing for headers?

-Eric

On 11/02/2011 11:31 AM, Cantor, Scott wrote:
> On 11/2/11 12:10 PM, "Eric Dalquist" <eric.dalquist at doit.wisc.edu> wrote:
>
>> We had it working about a year ago but never rolled it out past test
>> environments. When we got it working I think we were on 2.3.1 for the SP
>> and 2.2.1 for the IdP. We're on 2.4.3 for the SP and 2.3.2 for the IdP
>> now.
> The SP has a bug when you use the new <SSO> syntax, but you're not doing
> that here, so the ECP support is basically the same as it was.
>
>> Just out of curiosity, what version of the SP is that
>> site running?
> 2.4.2 apparently.
>
>> Any tips for things we should look for in our Apache
>> config that could be preventing the headers from getting passed to the SP?
> I have to think they're getting broken out ahead of it. All you could
> probably do there is try and log them, maybe, or dump them out with a test
> script to see if it sees them.
>
> The code doesn't "fall back" to non-ECP if the headers are there. I just
> checked that specifically. There are various errors it will throw out if
> it thinks it's an ECP client and then finds anything wrong, so the problem
> should be with the headers.
>
> -- Scott
>

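Added example (not part of the original messages and not Shibboleth or Apache code): a small Python check that parses a mod_log_forensic request entry like the one quoted above and reports whether the ECP-related headers arrived intact. It assumes the entry layout visible in that line (fields separated by `|`, a literal `:` inside a value logged as `%3a`) and that an ECP request is marked by the Accept media type and PAOS values shown there; the function names and the second sample entry are constructed for illustration.

```python
import re
from urllib.parse import unquote

PAOS_MEDIA_TYPE = "application/vnd.paos+xml"
PAOS_VERSION = "urn:liberty:paos:2003-08"
ECP_SERVICE = "urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"

# The entry quoted in the message above, joined onto one line.
PAGE_ENTRY = ('+22677:4eb2cc10:13|GET /secure/printenv HTTP/1.1|'
              'Host:my-dev.doit.wisc.edu|Connection:Keep-Alive|'
              'Accept:application/vnd.paos+xml|'
              'PAOS:ver="urn%3aliberty%3apaos%3a2003-08";'
              '"urn%3aoasis%3anames%3atc%3aSAML%3a2.0%3aprofiles%3aSSO%3aecp"')
# Constructed entry: a similar request that arrives without a PAOS header.
CONSTRUCTED_ENTRY = ('+22677:4eb2cc10:14|GET /secure/printenv HTTP/1.1|'
                     'Host:my-dev.doit.wisc.edu|'
                     'Accept:text/html, application/vnd.paos+xml;q=0.9')

def parse_forensic_entry(line):
    """Return (forensic_id, request_line, headers) for a '+' entry."""
    if not line.startswith("+"):
        raise ValueError("not a request-start ('+') forensic entry")
    fields = line[1:].rstrip("\r\n").split("|")
    if len(fields) < 2:
        raise ValueError("entry has no request line")
    headers = {}
    for field in fields[2:]:
        name, sep, value = field.partition(":")  # first ':' ends the header name
        if sep:
            key, value = name.strip().lower(), unquote(value.strip())
            headers[key] = headers[key] + ", " + value if key in headers else value
    return fields[0], unquote(fields[1]), headers

def ecp_header_problems(headers):
    """List what keeps the logged request from advertising ECP support."""
    problems = []
    accept = [t.split(";")[0].strip().lower()
              for t in headers.get("accept", "").split(",")]
    if PAOS_MEDIA_TYPE not in accept:
        problems.append("Accept does not list " + PAOS_MEDIA_TYPE)
    paos = headers.get("paos")
    if paos is None:
        return problems + ["PAOS header missing"]
    ver = re.search(r'ver\s*=\s*"([^"]*)"', paos)
    if ver is None or ver.group(1) != PAOS_VERSION:
        problems.append("PAOS ver is not " + PAOS_VERSION)
    if ECP_SERVICE not in re.findall(r'"([^"]*)"', paos):
        problems.append("PAOS does not name the ECP service")
    return problems

if __name__ == "__main__":
    for entry in (PAGE_ENTRY, CONSTRUCTED_ENTRY):
        fid, request, hdrs = parse_forensic_entry(entry)
        print(fid, request, ecp_header_problems(hdrs) or "ECP headers present")
```

An empty result for an entry means Apache received both headers as an ECP client sends them, which narrows the search to what happens between Apache and the SP.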