I: Shibboleth 2.5 with sessionHook

laino_f at libero.it laino_f at libero.it
Wed Nov 7 04:35:06 EST 2012


Please, can you help me,

i have some problems with shibboleth 2.5 when i use sessionHook option:


<ApplicationOverride  sessionHook="/e-s/pS/Shibboleth.sso/AttrChecker" id="
policyId="default" entityID="/e-s/pS/Shibboleth" signing="true" encryption="
false" homeURL="/e-s/pS">
<Sessions lifetime="28800" timeout="3600" checkAddress="false" handlerURL="/e-
s/pS/Shibboleth.sso" handlerSSL="false" 
exportLocation="/GetAssertion" exportACL="" idpHistory="false" 

<SessionInitiator type="Chaining" Location="/Login" isDefault="true" id="
Intranet" entityID="https://idp.it//sauth">
<SessionInitiator type="Shib1" acsIndex="5"/>

<Handler type="AttributeChecker" Location="/AttrChecker" template="attrChecker.
attributes="saml_attribute_codfiscale" flushSession="true" />


Without this option everything works correctly, but if i insert the previous 
part i have some errors.

In particular, if i insert in the  <Handler type="... " attributes="..." > :
-  attributes that do not exist, it's correctly opened the error page; 
- differently, if i insert attributes that really exist, i.e. attributes="
the destination URL is not correctly composed and it's not possible to find it 
in the server, in the log file i have the 
following error:

name too long: access to /https%3A%2F%2Ferog.it%2Fe-s%2FpS%2FShibboleth.sso%
3FcrsAndOtpAuth%3D%26friendlyName%3Dpdzecofin%26pippo%3D failed,

As you can see, there is a "/" before the URL, but i don't understand why. I 
think that the problem is related with this composition.


More information about the users mailing list