Multiple SPs do not benefit from SSO

Chad La Joie lajoie at itumi.biz
Wed Feb 1 10:27:58 GMT 2012


Well, first, your IdP needs to be upgraded.

Then, turn on debugging for the IdP and look at your logs.  It should
tell you why it is not using the existing authentication method in order
to respond to your second SP.

On Wed, Feb 1, 2012 at 04:20, MA Lanxin <ma at ihep.ac.cn> wrote:
> Dear all,
>
> I encountered a problem when deploying Shibboleth. Could anybody help me?
>
> I have one IdP (version 2.1) with the UserPassword method against LDAP.
> I have several web contents that I want to protect on different hosts,
> and integrated SP 2.4.3 with Apache at each host. I have no DS currently.
>
> For example:
>
> https://sp1.ihep.ac.cn/secure
> https://sp2.ihep.ac.cn/app
>
>
> I passed the SSO authentication when I access
>
> https://sp1.ihep.ac.cn/secure
>
> I could get the user's information (username, email, telephone, ...) from the Apache header.
> After this, I access another one in the same browser
>
> https://sp2.ihep.ac.cn/app
>
> It redirected to the authentication page requesting to type username/password.
> It seems that it does not benefit from SSO when I access sp2. If I understood correctly,
> it should not re-authenticate.
>
> I did not configure "forceAuthn" on my SPs.
> Here is the configuration in shibboleth2.xml on SP1 and SP2
>
>  <SSO entityID="https://idp.ihep.ac.cn/idp/shibboleth">
>              SAML2 SAML1
>            </SSO>
>
> Here is the configuration in Apache on sp1
> <Location /secure>
>  AuthType shibboleth
>  ShibRequestSetting requireSession 1
>  require valid-user
> </Location>
>
>
> This is the configuration in Apache on sp2
> <Location /app>
>  AuthType shibboleth
>  ShibRequestSetting requireSession 1
>  require valid-user
> </Location>
>
> Do I miss some configuration on the IdP or SP?
>
> Thank you very much!!
>
> Regards,
> Lanxin



-- 
Chad La Joie
www.itumi.biz
trusted identities, delivered

