RequestMap doesn't seem to be triggering Shib processing
Steven Carmody
steven_carmody at brown.edu
Thu Sep 25 12:11:47 EDT 2014
Hi,
I now have a situation with an SP in the local Library where I have to
use RequestMap. But, it seems that RequestMap processing is not
detecting a match, and consequently not "protecting" the path.
Bizarrely, "protection" works fine if I add a Location block to the
shib.conf file that Shib supplies to apache. However, without that,
apache/shib doesn't seem to recognize that this path should be protected
by Shib. I've even turned up logging in native.logger to DEBUG on
several of the items. Shib is recognizing Path name="test-override" when
parsing the file on startup.
I've pasted in below the relevant shibboleth2.xml elements. ... the url is:
https://stc-test5.cis.brown.edu/test-override/
And I've set ServerName, and "UseCanonicalName On" for apache.
Thanks for any and all suggestions!
<RequestMapper type="Native">
<RequestMap>
<Host name="stc-test5.cis.brown.edu" exportAssertion="true" >
<Path name="secure" authType="shibboleth"
requireSession="true"/>
<!-- this is used for testing setting option for the DS -->
<Path name="test-override" applicationId="test-override"
authType="shibboleth" requireSession="true"/>
</Host>
</RequestMap>
</RequestMapper>
<ApplicationOverride id="test-override" >
<Sessions lifetime="28800" timeout="3600" checkAddress="false"
handlerURL="/test-override/Shibboleth.sso" handlerSSL="true"
exportLocation="/test-override/Shibboleth.sso/GetAssertion"
idpHistory="false" idpHistoryDays="7"
cookieProps="; path=/test-override">
<SSO discoveryProtocol="SAMLDS"
discoveryURL="https://stc-test5.cis.brown.edu/DS-no-social/">
SAML2 SAML1
</SSO>
</Sessions>
</ApplicationOverride>
More information about the users
mailing list