Lazy Sessions and /secure
Mr. Christopher Bland
chris at fdu.edu
Wed Nov 15 10:39:35 EST 2017
Hi Scott,
Did a little more digging and reading and my primary issue is
Overlapping Webspace
In order to have two overlapping URLs one has to consider the order in which certain sections or directives are evaluated. For<Location><http://httpd.apache.org/docs/current/mod/core.html#location> this would be:
<Location "/foo">
</Location>
<Location "/foo/bar">
</Location>
After moving my location directive around I started getting
AH01629: authorization failure (no authenticated user): /secure/
I changed /secure to what’s below and it works now. I
<Location />
AuthType shibboleth
ShibRequireSession Off
ShibUseHeaders On
Require shibboleth
</Location>
<Location /secure>
AuthType shibboleth
ShibRequireSession On
ShibUseHeaders On
</Location>
Hope this helps anyone else that hits this problem.
-Chris
On Nov 14, 2017, at 10:03 AM, Cantor, Scott <cantor.2 at osu.edu<mailto:cantor.2 at osu.edu>> wrote:
I didn’t set up a different Session Initiator so I don’t think I need
requireSessionWith. I also didn’t set up a RequestMap thinking I should be
able to accomplish this in the shib.conf file.
Location settings merge in very complex ways, I would imagine you're seeing the effect of that. I believe Location / will usually trump just about everything.
-- Scott
--
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net<mailto:users-unsubscribe at shibboleth.net>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20171115/f2ab5e5c/attachment-0001.html>
More information about the users
mailing list