Shibboleth does not accept absolute value in Sessions.handlerURL
nr673 .
nara.rama.us at gmail.com
Mon Feb 16 13:41:23 EST 2015
Thanks Scott/Peter.
In my environment, the Apache server is configured to accept the SSL
connection only with the empty port or default port 443.
https://server.name1/Shibboleth.sso/SAML2/POST
https://server.name1:443/Shibboleth.sso/SAML2/POST
So, I configured the post back URL in OKTA(IdP) as
https://server.name1/Shibboleth.sso/SAML2/POST. But, the shibboleth
generates the POST url with the default port number as
https://server.name1:80/Shibboleth.sso/SAML2/POST. This url mismatch
results in the BindingException.
So, I want to modify the URL generated by Shibboleth. Since the handlerURL
accepts only the relative value, I cannot make the Shibboleth to generate
either https://server.name1/Shibboleth.sso/SAML2/POST or
https://server.name1:443/Shibboleth.sso/SAML2/POST.
Thanks
Nara
On Mon, Feb 16, 2015 at 6:53 AM, Cantor, Scott <cantor.2 at osu.edu> wrote:
> On 2/16/15, 1:55 AM, "nr673 ." <nara.rama.us at gmail.com> wrote:
>
> >When I set the absolute value for the handlerURL, the metadata prefixes
> >the server name twice.
>
> Well, that metadata is not guaranteed to be correct, so if this affects
> you greatly, you're doing something wrong. But it's probably a bug and/or
> related to some issue with server virtualization being configured
> improperly so that the requests don't seem to be handled by the same vhost
> contained in the handlerURL.
>
> You can file a bug, but you'll need to be very detailed about the web
> server configuration and how you're accessing the handler.
>
> -- Scott
>
> --
> To unsubscribe from this list send an email to
> users-unsubscribe at shibboleth.net
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://shibboleth.net/pipermail/users/attachments/20150216/6c28229c/attachment.html
More information about the users
mailing list