AW: AW: exportAssertion not working
Kevin Flückiger
kevin.flueckiger at inovitas.ch
Thu Apr 30 08:20:12 EDT 2015
I finaly found some time to get back to this.
I can confirm that I don't see any sp specific headers at all. However, I put a script on the server which reads the environment variables Shib-Assertion-Count and Shib-Assertion-01 and they are there! When I access the URL in Shib-Assertion-01 it truly gets the correct Assertion.
So the error seems to happen somewhere between the SP and apache2. Do I need to configure something in apache2 for this to work? As a reminder: The only thing I did on the apache side was adding this to my vhost:
<Directory /var/www/>
AuthType shibboleth
ShibRequestSetting requireSession true
ShibRequestSetting exportAssertion true
Require valid-user
</Directory>
-----Ursprüngliche Nachricht-----
Von: users [mailto:users-bounces at shibboleth.net] Im Auftrag von Cantor, Scott
Gesendet: Freitag, 24. April 2015 16:57
An: Shib Users
Betreff: Re: AW: exportAssertion not working
On 4/24/15, 2:54 PM, "Kevin Flückiger" <kevin.flueckiger at inovitas.ch>
wrote:
>
>I have currently not configured <SessionCache> because from the
>documentation I understand that cacheAssertions should already be enabled
>by default. Correct me if I'm wrong.
That's correct.
>The rest works fine, yes. I can login on the idp login page, then I get
>redirected to the index html and I can see the session cookie, just not
>the headers I'm expecting. I can see the released attributes when I go to
>/Session.
If you don't see any headers from the SP then you're not even protecing
the resource in question. Otherwise the only reason the export feature
wouldn't work if all the relevant settings are there is the one Peter
identified.
-- Scott
>
--
To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net
More information about the users
mailing list