"403 Forbidden" error

Ran Chen rchen2 at andrew.cmu.edu
Thu Jul 20 11:41:33 EDT 2017


Hi,
I am new to shibboleth, and I am kind of confused about sp configuration.
Our users can redirect to the idp login page after clicking the "login",
however after their identification been verified successfully, they will
get "403 forbidden error" on the web page, and can not redirect to our
homepage.

​Our shibd.conf file(located in etc/httpd/conf.d) looks like:

# https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPApacheConfig

# RPM installations on platforms with a conf.d directory will
# result in this file being copied into that directory for you
# and preserved across upgrades.

# For non-RPM installs, you should copy the relevant contents of
# this file to a configuration location you control.

#
# Load the Shibboleth module.
#
LoadModule mod_shib /usr/lib64/shibboleth/mod_shib_22.so

#
# Turn this on to support "require valid-user" rules from other
# mod_authn_* modules, and use "require shib-session" for anonymous
# session-based authorization in mod_shib.
#
#ShibCompatValidUser Off

#
# Ensures handler will be accessible.
#
<Location /Shibboleth.sso>
  AuthType None
  Require all granted
</Location>

#
# Used for example style sheet in error templates.
#
<IfModule mod_alias.c>
  <Location /shibboleth-sp>
    AuthType None
    Require all granted
  </Location>
  Alias /shibboleth-sp/main.css /usr/share/shibboleth/main.css
</IfModule>

#
# Configure the module for content.
#
# You MUST enable AuthType shibboleth for the module to process
# any requests, and there MUST be a require command as well. To
# enable Shibboleth but not specify any session/access requirements
# use "require shibboleth".
#
<Location /dis>
  AuthType shibboleth
  ShibRequestSetting requireSession 1
  ShibRequestSetting redirectToSSL 443
  require shib-user ~ .*@andrew.cmu.edu$
</Location>

Is there anything wrong with it? Thank you so much!

Ran,
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20170720/f90b3b5b/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Screen Shot 2017-07-20 at 11.37.29 AM.png
Type: image/png
Size: 18368 bytes
Desc: not available
URL: <http://shibboleth.net/pipermail/users/attachments/20170720/f90b3b5b/attachment-0001.png>


More information about the users mailing list