Embedded Discovery Service "looping"

Don Faulkner donf at uark.edu
Fri Feb 15 13:16:48 EST 2013

It's our first setup of any discovery service, and I'm not getting it
right. Anyone feel like tutoring a bit?

We're on Redhat Enterprese 6.3, using shibbleth SP 2.5.0 and embedded DS

So, the DS is installed at /shibboleth-ds via an apache <Location>
directive and I've configured testGUI=true. I have three IdP's in
/Shibboleth.sso/DiscoFeed. Two of them have IDPUI metadata which
displays correctly when I hit /shibbleth-ds/index.html

Now to the problems.
>From the docs it looks like I'm supposed to set my SSO discoveryURL to
"https://service.example.com/shibboleth-ds" but this doesn't work. I
have to specify "https://service.example.com/shibboleth-ds/index.html"
(presumably because its a <Location>, not a <Directory> Am I using the
right discoveryURL?

When I do get the Discovery page to load, if you pick an IdP, you're
redirected over and over again to the same page in the discovery
service. I don't see a redirect back to the SP, though I could be
missing it.

me Don Faulkner, CISSP | IT Security <http://its.uark.edu/> at the
University of Arkansas <http://www.uark.edu/>
contact>> donf at uark.edu <mailto:donf at uark.edu> | +1 (479) 575-2905
connect>> uarkITS on Facebook <http://www.facebook.com/uarkITS> | @uaits
<http://twitter.com/uaits> | @dfaulkner <http://twitter.com/dfaulkner>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://shibboleth.net/pipermail/users/attachments/20130215/b895c78d/attachment.html 

More information about the users mailing list