Wordpress & Shibboleth Headers

Mr. Christopher Bland chris at fdu.edu
Wed May 11 11:31:00 EDT 2016

Hi Peter,

Thanks again, with your suggestions I figured it out.  For all who may read this in the future my problem was with lazy sessions.  The docs for the plugin are a little bit dated.  Not saying this is right but it worked for me

	AuthType shibboleth
	ShibRequestSetting applicationId wordpress
	ShibRequireSession Off
	ShibUseHeaders On
	Require shibboleth

I added the ShibRequestSetting because I am working on a vhost which has an ApplicationOverride for my Wordpress instance


> On May 10, 2016, at 10:49 AM, Peter Schober <peter.schober at univie.ac.at> wrote:
> * Mr. Christopher Bland <chris at fdu.edu> [2016-05-10 03:51]:
>> Just deployed a new Wordpress v4.5.2 install with a v2.5.6 SP.  I am
>> using the Shibboleth v1.7 plugin in multisite WP config.  I verified
>> my SP is working. Right now I am getting an infinite loop when I try
>> to login because the Shibboleth plugin doesn’t see the Shibboleth
>> headers.  Based on the posts I’ve read and testing to confirm it
>> seems that the shibboleth_session_active() in the plugin is looking
>> for Shib-Session-ID', 'Shib_Session_ID’, or
>> ‘HTTP_SHIB_IDENTITY_PROVIDER’ header variables and not finding it.
>> I dumped all of the $_SERVER variables and they’re populated, just
>> not the Shibboleth ones.
> Terminology nit: Unless you changed your Shib config to populate HTTP
> Request Headers instead of (web server) environment variables (which
> you shouldn't) there won't be any headers. So those HTTP_something
> headers won't appear, the others (Shib-Identity-Provider etc.) of
> course should, for resources the Shib SP has been instructed to care
> about.
> If you don't see the envvars set by Shib then likely the script you're
> using to log/print them isn't protected by the Shib SP, not even
> "passively" (as in "require shibboleth", search for Lazy Sessions in
> the wiki). So that may be a fault of your testing approach or it may
> well be the very reason for the loop you're seeing.
> Once you see any of the envvars you'll probably notice that their
> names don't match what WordPress expects. IIRC that has to do with
> mod_rewrite (as used heavily by popular PHP applications) and httpd
> sub-requests, possibly changing 'foo' into 'REDIRECT_foo' (or some
> such). Adding Lazy Sessions to the whole server (Location /) may or
> may not fix that.
> There were two threads about that on June 6th and 8th 2011 (in the
> context of a Drupal deployment, but same thing), but it seems the
> availably archives only go back until July 2011...
> http://shibboleth.net/pipermail/users/
> http://marc.info/?l=shibboleth-announce
>> I’ve seen a few posts from people with the same issue but everyone
>> seems to say it was a configuration issue, no explanation.
> Gotta love that.
> -peter
> -- 
> To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net

More information about the users mailing list