Shibboleth handler invoked at an unconfigured location

Peter Schober peter.schober at
Thu May 19 09:57:15 EDT 2016

* reda sabir <sabiretude at> [2016-05-19 12:05]:
> - I retook the same use case : One SP and two IdP where each IdP
> will be used when the user access a specific URL. So, I have two
> hostname pointing at the same website:
> and

You already agreed that there was no need for Overrides, yet your
configuration features ApplicationOverrides?!

> - The httpd config look like this :
> #wso2
> <VirtualHost *:80>
>     ServerName
>     DocumentRoot "/var/www/html/"
>     <Location /secure>
>               AuthType shibboleth
>               ShibRequestSetting requireSession 1
>               ShibRequestSetting applicationId default
>               require shib-session
>      </Location>

"applicationId default" is a noop, AFAIU ("default" is default).
Instead of the override what you want here is
  ShibRequestSetting entityID

>               ShibRequestSetting applicationId openam-id

Same thing: Drop the override, add an entityID parameter.

>     <MetadataProvider type="XML" validate="true"
> file="/etc/shibboleth/wso2_metadata.xml"/>

Here add metadata for all IDPs, not just one.

>     <ApplicationOverride id="openam-id">

Lose the whole ApplicationOverride and child elements.

I've not yet looked at your DEBUG log since none of what you do
matches what you said you wanted.

More information about the users mailing list