AW: AW: exportAssertion not working

Kevin Flückiger kevin.flueckiger at inovitas.ch
Thu Apr 30 08:20:12 EDT 2015


I finaly found some time to get back to this. 
I can confirm that I don't see any sp specific headers at all. However, I put a script on the server which reads the environment variables Shib-Assertion-Count and Shib-Assertion-01 and they are there! When I access the URL in Shib-Assertion-01 it truly gets the correct Assertion.
So the error seems to happen somewhere between the SP and apache2. Do I need to configure something in apache2 for this to work? As a reminder: The only thing I did on the apache side was adding this to my vhost:
<Directory /var/www/>
                AuthType shibboleth
                ShibRequestSetting requireSession true
                ShibRequestSetting exportAssertion true
                Require valid-user
</Directory>


-----Ursprüngliche Nachricht-----
Von: users [mailto:users-bounces at shibboleth.net] Im Auftrag von Cantor, Scott
Gesendet: Freitag, 24. April 2015 16:57
An: Shib Users
Betreff: Re: AW: exportAssertion not working

On 4/24/15, 2:54 PM, "Kevin Flückiger" <kevin.flueckiger at inovitas.ch> 
wrote:


>
>I have currently not configured <SessionCache> because from the 
>documentation I understand that cacheAssertions should already be enabled 
>by default. Correct me if I'm wrong.

That's correct. 

>The rest works fine, yes. I can login on the idp login page, then I get 
>redirected to the index html and I can see the session cookie, just not 
>the headers I'm expecting. I can see the released attributes when I go to 
>/Session.

If you don't see any headers from the SP then you're not even protecing 
the resource in question. Otherwise the only reason the export feature 
wouldn't work if all the relevant settings are there is the one Peter 
identified.

-- Scott

>
-- 
To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net


More information about the users mailing list