ACS url when running daemon in linux sockets?

Br LRd blasterradius at gmail.com
Wed Dec 28 05:40:40 EST 2016


Actually now starting lighttpd and shibresponder in a socket (like this
https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPFastCGIConfig),
and sending a POST into that socket still gives
"opensamlBindingException at (http://localhost/Shibboleth.sso/SAML2/POST)
SAML message delivered with POST to incorrect server URL."

Even though with lighttpd running http://localhost/Shibboleth.sso/SAML2/POST
is a valid URL (accessing it through browser gives 'Invalid HTTP method
(GET)' as it should).
Generating metadata, 'http://localhost/Shibboleth.sso/SAML2/POST' is shown
as the ACS url for http-post binding.

So I guess new question is, if 'http://localhost/Shibboleth.sso/SAML2/POST'
is the incorrect url, where is it trying to send assertions / where should
it send them to?

On Wed, Dec 28, 2016 at 12:02 PM, Br LRd <blasterradius at gmail.com> wrote:

> Average use case: You use Apache + modshib, depending on apache and shib
> settings your URL to stuff like login etc would be something like
> 'http://localhost/Shibboleth.sso/<handler>'.
>
> What I'm doing: Running only shibd daemon on my machine, start
> shibresponder binary listening on a socket, for example with spawn-fcgi
> 'spawn-fcgi -f /usr/lib/x86_64-linux-gnu/shibboleth/shibresponder -s
> /tmp/shib.sock'.
>
> When I send HTTP requests into /tmp/shib.sock, it works, except for when I
> try to send a POST
> with valid samlrequest parameter into /Shibboleth.sso/SAML2/POST, I get:
>
> opensaml::BindingException at (http://localhost/Shibboleth.sso/SAML2/POST)
> SAML message delivered with POST to incorrect server URL
>
> Shibresponder requires a serverName and serverPort values, which I had
> randomly set to localhost and 80, so that's why it gives that URL in the
> bindingexception.
> It looks like the error is because it tries to send the assertion to that
> URL but since I'm not running a server, there's nothing at that address.
>
> What I'm confused about is that when I send a GET request to
> /Shibboleth.sso/Login, it works and returns HTTP response containing a 302
> URL. Why wouldn't the POST work?
>
> What should serverAddress and serverPort values be when I'm not running a
> local server but only have shibresponder listening on a socket, i.e. can I
> make it send the assertions also into the socket, because sending HTTP
> requests there works?
>
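
A diagnostic for the error quoted in this thread, added here as an example; it is not part of the original post and not Shibboleth's own code. It assumes the error comes from comparing the Destination attribute of the posted SAML message with the URL the SP rebuilds from its scheme, serverName, serverPort and the request path; the sample response and the host sp.example.org are constructed.

```python
import base64
import xml.etree.ElementTree as ET

DEFAULT_PORTS = {"http": 80, "https": 443}

def sp_request_url(scheme, server_name, server_port, path):
    """URL the SP is assumed to rebuild from its configured name and port."""
    port = int(server_port)
    host = server_name if port == DEFAULT_PORTS.get(scheme) else f"{server_name}:{port}"
    return f"{scheme}://{host}{path}"

def destination_of(saml_message_b64):
    """Return the Destination attribute of a base64 HTTP-POST SAML message."""
    xml = base64.b64decode(saml_message_b64)
    if b"<!DOCTYPE" in xml or b"<!ENTITY" in xml:
        # SAML messages never need a DTD; refuse it before parsing.
        raise ValueError("DTD or entity declaration in SAML message")
    return ET.fromstring(xml).get("Destination")

def check_delivery(saml_message_b64, scheme, server_name, server_port, path):
    """Compare the sender's Destination with the SP's view of the request URL."""
    dest = destination_of(saml_message_b64)
    # The query string is not part of the comparison.
    seen = sp_request_url(scheme, server_name, server_port, path.split("?", 1)[0])
    if not dest:
        return ("missing", dest, seen)
    return ("match" if dest == seen else "mismatch", dest, seen)

# Constructed sample: a response addressed to a public SP URL.
SAMPLE_XML = (
    b'<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    b'ID="_constructed" Version="2.0" '
    b'Destination="https://sp.example.org/Shibboleth.sso/SAML2/POST"/>'
)
SAMPLE = base64.b64encode(SAMPLE_XML).decode()

if __name__ == "__main__":
    # serverName/serverPort as set in the post (localhost, 80) versus
    # values that match the address the IdP was told to use.
    for cfg in (("http", "localhost", 80), ("https", "sp.example.org", 443)):
        status, dest, seen = check_delivery(SAMPLE, *cfg, "/Shibboleth.sso/SAML2/POST")
        print(f"{status}: Destination={dest} SP sees={seen}")
```
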