EDS issues

Robert Bradley robert.bradley at it.ox.ac.uk
Fri Feb 2 10:50:06 EST 2018


On 02/02/18 15:21, Chanda Banda wrote:
> Hi,
> 
> I'm trying to get the EDS working. I've followed the instructions so
> in my shibboleth2.xml I have:
> 
> <SSO discoveryProtocol="SAMLDS"
>      discoveryURL="https://MYDOMAIN/shibboleth/eds/index.html">
>   SAML2 SAML1
> </SSO>
> 
> and
> 
> <MetadataProvider type="XML"
>     uri="http://metadata.ukfederation.org.uk/ukfederation-metadata.xml"
>     backingFilePath="ukfederation-metadata.xml" reloadInterval="14400"
>     legacyOrgNames="true">
>   <MetadataFilter type="RequireValidUntil" maxValidityInterval="2592000"/>
>   <MetadataFilter type="Signature" certificate="ukfederation.pem"/>
> </MetadataProvider>
> 
> One thing I am unsure about is that the documentation has a
> different URI and backingFilePath???
> 
> <MetadataProvider type="XML" uri="http://federation/metadata.xml"
> backingFilePath="federation.xml"
> legacyOrgNames="true" reloadInterval="7200"


The URL here is a placeholder for a real metadata location (e.g. the
UK federation URL you're currently using).

> 
> Anyhow, with my settings when I go to:
> 
> https://MYDOMAIN/Shibboleth.sso/Login
> 
> I get redirected to:
> 
> https://MYDOMAIN/shibboleth/eds/Index.html?entityID=https%3A%2F%2FMYDOMAIN%2Fshibboleth&return=https%3A%2F%2FMYDOMAIN
> etcetcetcetcetc
> 
> And then I get the error message:
> 
> *The page isn’t redirecting properly* Any advice appreciated.

Most likely the EDS pages are also being protected by Shibboleth, and
so you end up in a continuous loop.  You probably want to add the
following to your Apache configuration:

# Needed for embedded DS to work
<Location /shibboleth/eds>
  AuthType Shibboleth
  ShibRequestSetting requireSession 0
  Require all granted
</Location>

to unprotect just the EDS pages and restart Apache.  (If this is using
IIS instead of Apache, similar advice applies, but the specific
configuration needed will be different.)

-- 
Dr Robert Bradley
Identity and Access Management Team, IT Services, University of Oxford
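
Added example, not part of the original message and not Shibboleth project code: a small Python check for the loop described above. It reads the discoveryURL from shibboleth2.xml and reports whether the Apache `<Location>` blocks still force a session on that path. The site-wide `<Location />` block, the sample strings and the function names are assumptions made for illustration; only `ShibRequestSetting requireSession` inside `<Location>` blocks is evaluated.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed samples modelled on the thread (MYDOMAIN is the poster's placeholder).
SHIB_XML = """<Sessions><SSO discoveryProtocol="SAMLDS"
  discoveryURL="https://MYDOMAIN/shibboleth/eds/index.html">SAML2 SAML1</SSO></Sessions>"""
# Assumed cause of the loop: a site-wide block that forces a session everywhere.
APACHE_LOOPING = """
<Location />
  AuthType Shibboleth
  ShibRequestSetting requireSession 1
  Require valid-user
</Location>
"""
# Same configuration plus the exemption from the reply above.
APACHE_FIXED = APACHE_LOOPING + """
<Location /shibboleth/eds>
  AuthType Shibboleth
  ShibRequestSetting requireSession 0
  Require all granted
</Location>
"""

def discovery_path(shib_xml):
    """URL path of the SAMLDS discoveryURL, or None if no such <SSO> exists."""
    for el in ET.fromstring(shib_xml).iter():
        if el.tag.split("}")[-1] == "SSO" and el.get("discoveryProtocol") == "SAMLDS":
            return urlparse(el.get("discoveryURL", "").strip()).path or None
    return None

def requires_session(apache_conf, url_path):
    """Effective requireSession for url_path, considering <Location> blocks only.
    Blocks are applied in file order, so a later matching block overrides."""
    effective = False
    blocks = re.finditer(r'<Location\s+"?([^">\s]+)"?\s*>(.*?)</Location>',
                         apache_conf, re.S | re.I)
    for m in blocks:
        prefix = m.group(1).rstrip("/")
        if url_path == prefix or url_path.startswith(prefix + "/"):
            s = re.search(r"^\s*ShibRequestSetting\s+requireSession\s+(\S+)",
                          m.group(2), re.M | re.I)
            if s:
                effective = s.group(1).lower() in ("1", "true")
    return effective

def eds_will_loop(shib_xml, apache_conf):
    """True when the discovery page itself demands a session (redirect loop)."""
    path = discovery_path(shib_xml)
    return path is not None and requires_session(apache_conf, path)
```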