Premature Login, and No peer endpoint
KARL A. WOELFER
kwoelfer at u.washington.edu
Sat Nov 19 00:24:33 GMT 2011
Hi,
We are using Confluence. Not sure what "running in a subdirectory" means.
Also not sure where to find metadata entries referenced below.
We have entries in shibboleth2.xml
handlerURL="/wiki/Shibboleth.sso" exportLocation="http://localhost/wiki/Shibboleth.sso/GetAssertion"
Should the /wiki be removed here?
We protect the /wiki location in httpd.conf (Apache2) with:
<Location /wiki>
AuthType shibboleth
ShibRequireSession On
require valid-user
ShibUseHeaders On
require shibboleth
Order allow,deny
Allow from all
</Location>
And our seraph-config.xml has these entries:
<security-config>
<parameters>
<init-param>
<param-name>login.url<"/Shibboleth.sso/Login?target=https%3A%2F%2Fww
w.ibic.washington.edu${originalurl}">
<param-value>/login.action?os_destination=${originalurl}</param-valu
e>
</init-param>
<init-param>
<param-name>link.login.url<"/Shibboleth.sso/Login?target=https%3A%2F
%2Fwww.ibic.washington.edu${originalurl}">
<param-value>/login.action</param-value>
Where is/are the inconsistencies?
Thanks all,
- Karl
On Thu, 17 Nov 2011, Cantor, Scott wrote:
> On 11/17/11 1:57 PM, "Jim Fox" <fox at washington.edu> wrote:
>
>>
>> Your metadata is incorrect. You have entries such as:
>>
>> https://www.ibic.washington.edu/wiki/Shibboleth.sso/SAML2/POST
>>
>> which should be
>>
>> https://www.ibic.washington.edu/Shibboleth.sso/SAML2/POST
>
> What's correct depends on what's required. If you're using confluence, you
> can't have it running in a subdirectory unless the handler(s) live there
> too.
>
> Here, something at the root is being tested that isn't the wiki, and the
> SP is just doing its thing. And the SP hasn't been configured properly to
> use a custom handlerURL that lives in the right spot. So the metadata !=
> SP config. At least I'm guessing so.
>
> -- Scott
>
> --
> To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net
>
More information about the users
mailing list