Looping issue when trying to integrate openstack with testshib
Akshik DBK
akshik at outlook.com
Wed Mar 4 02:21:43 EST 2015
hi im trying to integrate openstack keystone with testshib, stuck with the looping error any help
I tried with the auto-generated shibboleth2.xml, just added the application override attribute, now im stuck with looping issue,when i access v3/OS-FEDERATION/identity_providers/idp_2/protocols/saml2/auth for the first time it is prompting for username and password once provided it goes on loop.i could see session generated https://115.112.68.53:5000/Shibboleth.sso/SessionMiscellaneous
Client Address: 121.243.33.212
Identity Provider: https://idp.testshib.org/idp/shibboleth
SSO Protocol: urn:oasis:names:tc:SAML:2.0:protocol
Authentication Time: 2015-03-04T06:44:41.625Z
Authentication Context Class: urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
Authentication Context Decl: (none)
Session Expiration (barring inactivity): 479 minute(s)
Attributes
affiliation: Member at testshib.org;Staff at testshib.org
entitlement: urn:mace:dir:entitlement:common-lib-terms
eppn: myself at testshib.org
persistent-id: https://idp.testshib.org/idp/shibboleth!https://115.112.68.53/shibboleth!4Q6X4dS2MRhgTZOPTuL9ubMAcIM=
unscoped-affiliation: Member;Staffhere are my config files,<SPConfig xmlns="urn:mace:shibboleth:2.0:native:sp:config" xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" clockSkew="1800"> <ApplicationDefaults entityID="https://115.112.68.53/shibboleth" REMOTE_USER="eppn"> <Sessions lifetime="28800" timeout="3600" checkAddress="false" relayState="ss:mem" handlerSSL="true" handlerSSL="true" cookieProps="; path=/; secure"> <SSO entityID="https://idp.testshib.org/idp/shibboleth"> SAML2 SAML1 </SSO> <Logout>SAML2 Local</Logout> <Handler type="MetadataGenerator" Location="/Metadata" signing="false"/> <Handler type="Status" Location="/Status"/> <Handler type="Session" Location="/Session" showAttributeValues="true"/> <Handler type="DiscoveryFeed" Location="/DiscoFeed"/> </Sessions> <Errors supportContact="root at localhost" logoLocation="/shibboleth-sp/logo.jpg" styleSheet="/shibboleth-sp/main.css"/> <MetadataProvider type="XML" uri="https://www.testshib.org/metadata/testshib-providers.xml" backingFilePath="/tmp/testshib-two-idp-metadata.xml" reloadInterval="180000" /> <AttributeExtractor type="XML" validate="true" path="attribute-map.xml"/> <AttributeResolver type="Query" subjectMatch="true"/> <AttributeFilter type="XML" validate="true" path="attribute-policy.xml"/> <CredentialResolver type="File" key="sp-key.pem" certificate="sp-cert.pem"/> <ApplicationOverride id="idp_2" entityID="https://115.112.68.53/shibboleth"> <!--Sessions lifetime="28800" timeout="3600" checkAddress="false" relayState="ss:mem" handlerSSL="false"--> <Sessions lifetime="28800" timeout="3600" checkAddress="false" relayState="ss:mem" handlerSSL="true" cookieProps="; path=/; secure"> <!-- Triggers a login request directly to the TestShib IdP. --> <SSO entityID="https://idp.testshib.org/idp/shibboleth" ECP="true"> SAML2 SAML1 </SSO> <Logout>SAML2 Local</Logout> </Sessions> <MetadataProvider type="XML" uri="https://www.testshib.org/metadata/testshib-providers.xml" backingFilePath="/tmp/testshib-two-idp-metadata.xml" reloadInterval="180000" /> </ApplicationOverride> </ApplicationDefaults> <SecurityPolicyProvider type="XML" validate="true" path="security-policy.xml"/> <ProtocolProvider type="XML" validate="true" reloadChanges="false" path="protocols.xml"/></SPConfig>keystone-httpdWSGIDaemonProcess keystone user=keystone group=nogroup processes=3 threads=10#WSGIScriptAliasMatch ^(/v3/OS-FEDERATION/identity_providers/.*?/protocols/.*?/auth)$ /var/www/keystone/main/$1WSGIScriptAliasMatch ^(/v3/OS-FEDERATION/identity_providers/.*?/protocols/.*?/auth)$ /var/www/cgi-bin/keystone/main/$1<VirtualHost *:5000> LogLevel info ErrorLog /var/log/keystone/keystone-apache-error.log CustomLog /var/log/keystone/ssl_access.log combined Options +FollowSymLinks SSLEngine on #SSLCertificateFile /etc/ssl/certs/mycert.pem #SSLCertificateKeyFile /etc/ssl/private/mycert.key SSLCertificateFile /etc/apache2/ssl/server.crt SSLCertificateKeyFile /etc/apache2/ssl/server.key SSLVerifyClient optional SSLVerifyDepth 10 SSLProtocol all -SSLv2 SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW SSLOptions +StdEnvVars +ExportCertData WSGIScriptAlias / /var/www/cgi-bin/keystone/main WSGIProcessGroup keystone</VirtualHost><VirtualHost *:35357> LogLevel info ErrorLog /var/log/keystone/keystone-apache-error.log CustomLog /var/log/keystone/ssl_access.log combined Options +FollowSymLinks SSLEngine on SSLEngine on #SSLCertificateFile /etc/ssl/certs/mycert.pem #SSLCertificateKeyFile /etc/ssl/private/mycert.key SSLCertificateFile /etc/apache2/ssl/server.crt SSLCertificateKeyFile /etc/apache2/ssl/server.key SSLVerifyClient optional SSLVerifyDepth 10 SSLProtocol all -SSLv2 SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW SSLOptions +StdEnvVars +ExportCertData WSGIScriptAlias / /var/www/cgi-bin/keystone/admin WSGIProcessGroup keystone</VirtualHost>wsgi-keystoneWSGIScriptAlias /keystone/main /var/www/cgi-bin/keystone/mainWSGIScriptAlias /keystone/admin /var/www/cgi-bin/keystone/admin<Location "/keystone"># NSSRequireSSLSSLRequireSSLAuthtype none</Location><Location /Shibboleth.sso># SetHandler shib Require all granted</Location><Location /v3/OS-FEDERATION/identity_providers/idp_1/protocols/saml2/auth> ShibRequestSetting requireSession 1 ShibRequestSetting applicationId idp_1 AuthType shibboleth ShibRequireAll On ShibRequireSession On ShibExportAssertion Off Require valid-user</Location><Location /v3/OS-FEDERATION/identity_providers/idp_2/protocols/saml2/auth> ShibRequestSetting requireSession 1 ShibRequestSetting applicationId idp_2 AuthType shibboleth ShibRequireAll On ShibRequireSession On ShibExportAssertion Off Require valid-user</Location>Regards,Akshik
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://shibboleth.net/pipermail/users/attachments/20150304/869c062d/attachment-0001.html
More information about the users
mailing list