How to /Authn/RemoteUser with IdP 3.0

Peter Schober peter.schober at
Mon May 18 08:22:14 EDT 2015

* Kathy E. Wright <kewrig at> [2015-05-17 01:01]:
> I cannot duplicate our current IdP 2.4 configuration which uses
> */idpAuthn/RemoteUser *with Apache ajp_proxy​ to delegate authentication to
> our campus SSO portal as described here:
> From the browser we see the following error:
> Error from identity provider:
> Status: urn:oasis:names:tc:SAML:2.0:status:Requester
> Sub-Status: urn:oasis:names:tc:SAML:2.0:status:AuthnFailed

Look at httpd's access log (for the correct vhost that proxies to your
Java servlet container) to make sure REMOTE_USER is set. The value is
written to the access log by default.

More information about the users mailing list