Shibboleth handler invoked at an unconfigured location
Peter Schober
peter.schober at univie.ac.at
Thu May 19 09:57:15 EDT 2016
* reda sabir <sabiretude at gmail.com> [2016-05-19 12:05]:
> - I retook the same use case : One SP and two IdP where each IdP
> will be used when the user access a specific URL. So, I have two
> hostname pointing at the same website: wso2.shibboleth.example.com
> and openam.shibboleth.example.com.
You already agreed that there was no need for Overrides, yet your
configuration features ApplicationOverrides?!
> - The httpd config look like this :
> #wso2
> <VirtualHost *:80>
> ServerName wso2.shibboleth.example.com
>
> DocumentRoot "/var/www/html/"
> <Location /secure>
> AuthType shibboleth
> ShibRequestSetting requireSession 1
> ShibRequestSetting applicationId default
> require shib-session
> </Location>
"applicationId default" is a noop, AFAIU ("default" is default).
Instead of the override what you want here is
ShibRequestSetting entityID https://entityid-of-one-such-idp.example.org
> ShibRequestSetting applicationId openam-id
Same thing: Drop the override, add an entityID parameter.
> <MetadataProvider type="XML" validate="true"
> file="/etc/shibboleth/wso2_metadata.xml"/>
Here add metadata for all IDPs, not just one.
> <ApplicationOverride id="openam-id">
Lose the whole ApplicationOverride and child elements.
I've not yet looked at your DEBUG log since none of what you do
matches what you said you wanted.
-peter
More information about the users
mailing list