How to /Authn/RemoteUser with IdP 3.0

Kathy E. Wright kewrig at clemson.edu
Wed May 27 20:36:54 EDT 2015


Thanks to all who responded and to Mark Mercado at UM-Flint and Walter Hoehn
at Memphis for helping me finally get this working.

Our config contained trailing spaces after "RemoteUser" in
%{idp.home}/conf/idp.properties.


   - idp.authn.flows=RemoteUser
   - idp.authn.flows.initial= RemoteUser

Extra white spaces are not trimmed from values entered into idp.properties.
After eliminating the trailing spaces, the config worked.

Our implementation uses Tomcat8/Java8/Apache-mod_ajp_proxy.

Thanks to Walter for helping me identify that our IdP servlet
was properly protected and sending Remote User to the IdP.

Best,
Kathy


On Mon, May 18, 2015 at 8:22 AM, Peter Schober <peter.schober at univie.ac.at>
wrote:

> * Kathy E. Wright <kewrig at clemson.edu> [2015-05-17 01:01]:
> > I cannot duplicate our current IdP 2.4 configuration which uses
> > /idpAuthn/RemoteUser with Apache ajp_proxy to delegate authentication to
> > our campus SSO portal as described here:
> [...]
> > From the browser we see the following error:
> > Error from identity provider:
> >
> > Status: urn:oasis:names:tc:SAML:2.0:status:Requester
> >
> > Sub-Status: urn:oasis:names:tc:SAML:2.0:status:AuthnFailed
>
> Look at httpd's access log (for the correct vhost that proxies to your
> Java servlet container) to make sure REMOTE_USER is set. The value is
> written to the access log by default.
> -peter



-- 

Infrastructure & Ops
CCIT, 340 Computer Court
Anderson, SC 29625
kewrig at clemson.edu
(864) 656-8133
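
A check for the problem described in this thread, as an added example that is not part of the original message or of the Shibboleth project: it splits each line the way java.util.Properties does (assumed here to be how idp.properties is loaded; continuation lines and escape sequences are not handled) and reports values that end in whitespace. The sample input and the key example.other.key are constructed.

```python
import re
import sys

# Constructed sample: the first value really ends in two spaces, the
# second has only a leading space after "=", the third ends in a tab.
SAMPLE = (
    "# constructed idp.properties fragment\n"
    "idp.authn.flows=RemoteUser  \n"
    "idp.authn.flows.initial= RemoteUser\n"
    "example.other.key = true\t\n"   # hypothetical key, for illustration
)

# java.util.Properties line rules (simplified): the key ends at the first
# unescaped "=", ":" or blank; blanks around the separator are skipped;
# everything after that, trailing whitespace included, is the value.
_LINE = re.compile(r"^[ \t\f]*((?:\\.|[^=:\s\\])+)[ \t\f]*[=:]?[ \t\f]*(.*)$")


def trailing_whitespace(text):
    """Return [(line_no, key, raw_value)] for values ending in whitespace."""
    findings = []
    for no, line in enumerate(text.split("\n"), start=1):
        line = line.rstrip("\r")              # tolerate CRLF files
        body = line.lstrip(" \t\f")
        if not body or body[0] in "#!":       # blank line or comment
            continue
        m = _LINE.match(line)
        if m and m.group(2) != m.group(2).rstrip():
            findings.append((no, m.group(1), m.group(2)))
    return findings


if __name__ == "__main__":
    # With a path argument, check that file; otherwise check the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="iso-8859-1") as fh:
            text = fh.read()
    else:
        text = SAMPLE
    hits = trailing_whitespace(text)
    for no, key, value in hits:
        # repr() makes the otherwise invisible whitespace visible
        print(f"line {no}: {key} = {value!r}")
    sys.exit(1 if hits else 0)
```

The leading space in `idp.authn.flows.initial= RemoteUser` is not reported because whitespace after the separator is skipped when the file is parsed; only trailing whitespace survives into the value.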