Multiple SPs do not benefit from SSO
Chad La Joie
lajoie at itumi.biz
Wed Feb 1 10:27:58 GMT 2012
Well, first, your IdP need to be upgraded.
Then, turn on debugging for the IdP and look at your logs. It should
tell you why it not using the existing authentication method in order
to respond to your second SP.
On Wed, Feb 1, 2012 at 04:20, MA Lanxin <ma at ihep.ac.cn> wrote:
> Dear all,
>
> I encountered a problem when I deploy shibboleth. Could anybody help me?
>
> I have one IDP(version 2.1) with UserPassword mothed against LDAP.
> I have several web contents that I want to protect in different hosts,
> and integrated SP 2.4.3 with Apache at each host. I have no DS currently.
>
> for example:
>
> https://sp1.ihep.ac.cn/secure
> https://sp2.ihep.ac.cn/app
>
>
> I passed the SSO authentication when I access
>
> https://sp1.ihep.ac.cn/secure
>
> I could get user's information(username,email,telephone,......) from apache header.
> After this,I access another one at the same browser
>
> https://sp2.ihep.ac.cn/app
>
> It redirected to the authentication page requesting to type username/password.
> It seems that it do not benefit from SSO when I access sp2. If I understood correctly,
> it should not re-authenticate.
>
> I do not configure "forceAuthn" on my SPs.
> Here is the configure in shibboleth2.xml on SP1 and SP2
>
> <SSO entityID="https://idp.ihep.ac.cn/idp/shibboleth">
> SAML2 SAML1
> </SSO>
>
> Here is the configuration in apache on sp1
> <Location /secure>
> AuthType shibboleth
> ShibRequestSetting requireSession 1
> require valid-user
> </Location>
>
>
> This is the configuration in apche on sp2
> <Location /app>
> AuthType shibboleth
> ShibRequestSetting requireSession 1
> require valid-user
> </Location>
>
> DO I miss some configuration on IDP or SP?
>
> THank you very much!!
>
> REgards,
> Lanxin
>
>
>
> --
> To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net
--
Chad La Joie
www.itumi.biz
trusted identities, delivered
More information about the users
mailing list