Shibboleth 2.5 with sessionHook

laino_f at laino_f at
Mon Nov 5 17:44:14 EST 2012


i have some problems with shibboleth 2.5 when i use sessionHook option:


<ApplicationOverride  sessionHook="/e-s/pS/Shibboleth.sso/AttrChecker" id="eS" 
policyId="default" entityID="/e-s/pS/Shibboleth" signing="true" encryption="
false" homeURL="/e-s/pS">
        <Sessions lifetime="28800" timeout="3600" checkAddress="false" 
handlerURL="/e-s/pS/Shibboleth.sso" handlerSSL="false"
            exportLocation="/GetAssertion" exportACL="" idpHistory="
false" idpHistoryDays="7">

                <SessionInitiator type="Chaining" Location="/Login" isDefault="
true" id="Intranet" entityID="">
                        <SessionInitiator type="Shib1" acsIndex="5"/>

          <Handler type="AttributeChecker" Location="/AttrChecker" template="
                attributes="saml_attribute_codfiscale" flushSession="true" />

Without this option everything works correctly, but if i insert the previous 
part i have some errors.

In particular, if i insert in the  <Handler type="……….   attributes="……….>:
-  attributes that do not exist, it's correctly opened the error page; 
- differently, if i insert attributes that really exist, i.e. attributes="
saml_attribute_codfiscale", the destination URL is not correctly composed and 
it's not possible to find it in the server, in the log file i have the 
following error:

name too long: access to /
3FcrsAndOtpAuth%3D%26friendlyName%3Dpdzecofin%26pippo%3D failed,

As you can see, there is a "/" before the URL, but i don't understand why. I 
think that the problem is related with this composition.


More information about the users mailing list