url modified by IdP redirect
Dr. Marco Lechner
mlechner at bfs.de
Wed May 17 10:41:14 EDT 2017
Hi,
we are facing problems with URLs being modified (and therefore do not
work anymore) when Shibboleth redirects via IdP login.
An example permalink is:
https://foo.example.com/bar/#map/12345/67890
When accessing this link without a required shibboleth session:
AuthType shibboleth
ShibCompatWith24 On
ShibRequestSetting requireSession 0
Require shibboleth
everything works fine. Even if a shibboleth session is required to
access the loaction but is already available.
But if the Location is configured requiring a shibboleth session:
AuthType shibboleth
ShibRequestSetting requireSession 1
require valid-user
then the URL does not work if authenticating at the IdP. But it works
when the URL is:
https://foo.example.com/bar/%23map/12345/67890
Using the latest URL (with %23 instead of #) in the first example (no
shibboleth session required or already available), then the latest URL
does not work.
It seems that the IdP redirect does some strange things (URL en- or
decoding).
Any help available for that?
Marco
P.S. overview
1. no session required or already existing
- https://foo.example.com/bar/#map/12345/67890 -> good
- https://foo.example.com/bar/%23map/12345/67890 -> fail
2. session required and no session yet available (go through IdP)
- https://foo.example.com/bar/#map/12345/67890 -> fail
- https://foo.example.com/bar/%23map/12345/67890 -> good
--
Dr. Marco Lechner
Bundesamt fuer Strahlenschutz / Federal Office for Radiation Protection
SW2.1 Koordination Notfallschutzsysteme / Coordination Emergency Systems
Rosastrasse 9 | D-79098 Freiburg | Germany
mlechner at bfs.de | +49 (0)3018 333 6724 | www.bfs.de
--
Hinweis zu Anhängen die auf .p7m/.p7c/.p7s oder .asc/.asc.sig enden:
Die .p7?- und .asc-Dateien sind ungefährliche Signaturdateien (digitale
Unterschriften).
In E-Mail-Clients mit S/MIME Konfiguration (.p7?) oder PGP-Erweiterung
(.asc) dienen sie zur:
- - Überprüfung des Absenders
- - Überprüfung einer evtl. Veränderung des Inhalts während der
Übermittlung über das Internet
Die Signaturdateien können ebenso dazu verwendet werden dem Absender
dieser Signatur eine E-Mail mit verschlüsseltem Inhalt zu senden.
In E-Mail-Clients ohne S/MIME Konfiguration oder PGP-Erweiterung
erscheinen die Dateien als Anhang und können ignoriert werden.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0xD733400E.asc
Type: application/pgp-keys
Size: 3108 bytes
Desc: not available
URL: <http://shibboleth.net/pipermail/users/attachments/20170517/d6951048/attachment-0001.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5099 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://shibboleth.net/pipermail/users/attachments/20170517/d6951048/attachment-0001.p7s>
More information about the users
mailing list