Premature Login, and No peer endpoint

Cantor, Scott cantor.2 at
Sat Nov 19 04:55:02 GMT 2011

On Nov 18, 2011, at 7:28 PM, "KARL A. WOELFER" <kwoelfer at> wrote:
> We are using Confluence. Not sure what "running in a subdirectory" means.

Running confluence out of a subdirectory instead of the site root. Under /wiki in this case.

> Also not sure where to find metadata entries referenced below.

In the metadata you provide to IdPs or federations. I imagine you'll have to work that out with Jim/UW's local process.

> We have entries in shibboleth2.xml
> handlerURL="/wiki/Shibboleth.sso"

Which means your endpoints in metadata all live below that base, as they must if confluence itself is in /wiki. The plugin page notes that.

> We protect the /wiki location in httpd.conf (Apache2) with:

Confluence is normally not set up with the whole tree locked down by the SP, it usually is done via passive session, not by requiring one. You can remove the requireSession command.

> And our seraph-config.xml has these entries:

They're missing the /wiki prefix in the references to the SP handler. It should be /wiki/Shibboleth.sso/Login

> Where is/are the inconsistencies?

All of the above.

-- Scott

More information about the users mailing list