Enabling ECP in SP 2.4.3

Tom Mitchell tmitchel at bbn.com
Sat Sep 10 13:25:47 BST 2011


Thanks, Chad.

I can't repeat what I thought I was seeing on the paths ("/secure/" vs. "/secure/env.php"). They both clearly work now.

Thanks again, I appreciate the help,
Tom

On Sep 10, 2011, at 7:36 AM, Chad La Joie wrote:

> A user-agent can make a request to any resource but part of configuring the SP is indicating which resources you want protected. The example configurations (and examples in the docs) protected the path '/secure'. But that's only an example. You could protect the whole site, just the login page, '/content' but not '/content/images' and '/content/css'; whatever makes sense for your use case. I don't recall you saying which web server you're using so I can't tell you where exactly to look, but a good place to start in the documentation would be here: https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPRequestMap
> 
> --
> Chad La Joie
> www.itumi.biz
> trusted identities, delivered
> 
> On Sep 10, 2011, at 7:24 AM, Tom Mitchell wrote:
> 
>> 
>> On Sep 9, 2011, at 8:31 PM, Cantor, Scott wrote:
>> 
>>> On 9/9/11 8:16 PM, "Tom Mitchell" <tmitchel at bbn.com> wrote:
>>>> 
>>>> Finally, I see the open bug (SSPCPP-371) with what amounts to the same
>>>> information. I tried the additional suggestion by Scott Cantor (adding
>>>> ECP="true") to the SSO tag and that doesn't seem to work.
>>> 
>>> Also does.
>> 
>> You're right, it does.
>> 
>>>> I am using two methods to test: the sample bash ECP client script
>>>> (ecp.sh) on the Contributions wiki page, and manual testing using curl
>>>> (based on ecp.sh and a cursory read of the relevant portion of the spec).
>>>> What I see instead of an ECP-like response from my SP is the HTML
>>>> redirecting to my discovery service.
>>>> 
>>>> Any suggestions? Tips? Pointers?
>>> 
>>> Well, you're not sending the right HTTP headers, basically. If they're
>>> sent, it will work.
>> 
>> Actually, I think I was sending the right headers (Accept and PAOS), copied right out of the spec. But I was fetching the wrong URL. The example in the spec (Sec. 2.3.1.1) shows a fetch of "/secure/". I was trying to fetch an application page ("/secure/env.php"). Switching to "/secure/" allowed both my manual test and the ecp.sh script to work.
>> 
>> Maybe I'm just not good at reading specs, but section 2.3.1 says "the client makes an arbitrary HTTP request to a service provider for a resource". So I thought it was reasonable to request my application page instead of the literal "/secure/". What did I miss?
>> 
>> Thanks,
>> Tom
> 
> --
> To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net
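A diagnostic for the symptom discussed in this thread, added here as an example and not taken from ecp.sh or the Shibboleth code: it builds the Accept and PAOS headers an ECP client sends and classifies the SP's reply as a PAOS request or a browser-style answer. The function names, the `sp.example.org` URL and the sample envelope are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {
    "S": "http://schemas.xmlsoap.org/soap/envelope/",
    "paos": "urn:liberty:paos:2003-08",
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
}
ECP_SERVICE = "urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"
PAOS_MEDIA_TYPE = "application/vnd.paos+xml"

SAMPLE_PAOS = (  # constructed sample, not captured from a real SP
    '<S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/">'
    '<S:Header><paos:Request xmlns:paos="urn:liberty:paos:2003-08" '
    'service="urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp" '
    'responseConsumerURL="https://sp.example.org/Shibboleth.sso/SAML2/ECP" '
    'S:mustUnderstand="1"/></S:Header>'
    '<S:Body><samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'ID="_x" Version="2.0" IssueInstant="2011-09-10T12:00:00Z"/></S:Body></S:Envelope>'
)

def ecp_request_headers():
    """Headers that advertise ECP/PAOS support to the SP."""
    return {
        "Accept": "text/html; " + PAOS_MEDIA_TYPE,
        "PAOS": 'ver="%s";"%s"' % (NS["paos"], ECP_SERVICE),
    }

def classify_sp_response(status, headers, body):
    """Return (kind, responseConsumerURL or None) for an SP reply."""
    hdrs = {k.lower(): v for k, v in headers.items()}
    ctype = hdrs.get("content-type", "").split(";")[0].strip().lower()
    if status in (301, 302, 303, 307) and "location" in hdrs:
        return ("browser-redirect", None)   # e.g. sent on to a discovery service
    if ctype != PAOS_MEDIA_TYPE:
        return ("not-paos", None)           # e.g. an HTML page
    if "<!DOCTYPE" in body.upper():         # refuse DTDs in untrusted XML
        return ("rejected-dtd", None)
    try:
        env = ET.fromstring(body)
    except ET.ParseError:
        return ("malformed", None)
    paos_req = env.find("S:Header/paos:Request", NS)
    authn = env.find("S:Body/samlp:AuthnRequest", NS)
    if env.tag != "{%s}Envelope" % NS["S"] or paos_req is None or authn is None:
        return ("malformed", None)
    if paos_req.get("service") != ECP_SERVICE:
        return ("malformed", None)
    return ("paos-request", paos_req.get("responseConsumerURL"))
```

The returned `responseConsumerURL` is the value an ECP client later compares against the `AssertionConsumerServiceURL` in the IdP's response before relaying the assertion to the SP.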


