EDS issues

Chanda Banda chandabnd727 at googlemail.com
Fri Feb 2 12:39:02 EST 2018


Thanks for your reply.

So, I put the following into my shibboleth2.xml:

<Path name="eds" authType="shibboleth" requireSession="false"/>

Which I think is what I need (I know you said IIS config). But no luck.

But thinking about it, the eds will be used on my website.
Shibboleth and my website are on totally different
servers - does that actually make it easier? Or is it impossible
to have that setup?


Thanks.

On Fri, Feb 2, 2018 at 3:50 PM, Robert Bradley <robert.bradley at it.ox.ac.uk>
wrote:

> On 02/02/18 15:21, Chanda Banda wrote:
> > Hi,
> >
> > I'm trying to get the EDS working. I've followed the instructions so
> > in my shibboleth2.xml I have:
> >
> > <SSO discoveryProtocol="SAMLDS"
> >      discoveryURL="https://MYDOMAIN/shibboleth/eds/index.html">
> >   SAML2 SAML1
> > </SSO>
> >
> > and
> >
> > <MetadataProvider type="XML"
> >     uri="http://metadata.ukfederation.org.uk/ukfederation-metadata.xml"
> >     backingFilePath="ukfederation-metadata.xml" reloadInterval="14400"
> >     legacyOrgNames="true">
> >   <MetadataFilter type="RequireValidUntil" maxValidityInterval="2592000"/>
> >   <MetadataFilter type="Signature" certificate="ukfederation.pem"/>
> > </MetadataProvider>
> >
> > One thing I am unsure about is that the documentation has a
> > different URI and backingFilePath???
> >
> > <MetadataProvider type="XML" uri="http://federation/metadata.xml"
> > backingFilePath="federation.xml"
> > legacyOrgNames="true" reloadInterval="7200"
>
>
> The URL here is a placeholder for a real metadata location (e.g. the
> UK federation URL you're currently using).
>
> >
> > Anyhow, with my settings when I go to:
> >
> > https://MYDOMAIN/Shibboleth.sso/Login
> >
> > I get redirected to:
> >
> > https://MYDOMAIN/shibboleth/eds/Index.html?entityID=https%3A%2F%2FMYDOMAIN%2Fshibboleth&return=https%3A%2F%2FMYDOMAIN
> >
> >
> etcetcetcetcetc
> >
> > And then I get the error message:
> >
> > *The page isn’t redirecting properly*
> >
> > Any advice appreciated.
>
> Most likely the EDS pages are also being protected by Shibboleth, and
> so you end up in a continuous loop.  You probably want to add the
> following to your Apache configuration:
>
> # Needed for embedded DS to work
> <Location /shibboleth/eds>
>   AuthType Shibboleth
>   ShibRequestSetting requireSession 0
>   Require all granted
> </Location>
>
> to unprotect just the EDS pages and restart Apache.  (If this is using
> IIS instead of Apache, similar advice applies, but the specific
> configuration needed will be different.)
>
> --
> Dr Robert Bradley
> Identity and Access Management Team, IT Services, University of Oxford
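Added example, not part of the original thread: a small check for the redirect loop diagnosed in the quoted reply above. It requests the discoveryURL without following redirects and reports whether the EDS page is served directly or bounced to the SP login handler and back. The host sp.example.org, the function names and the two stand-in sites are constructed for illustration.

```python
import http.client
from contextlib import closing
from urllib.parse import quote, urljoin, urlsplit

LOGIN_HANDLER = "/Shibboleth.sso/Login"  # SP login handler path quoted in the thread
REDIRECTS = (301, 302, 303, 307, 308)
EDS = "https://sp.example.org/shibboleth/eds/index.html"  # constructed discoveryURL

def http_fetch(url):
    """One GET, redirects not followed; returns (status, Location header or None)."""
    p = urlsplit(url)
    cls = http.client.HTTPSConnection if p.scheme == "https" else http.client.HTTPConnection
    with closing(cls(p.netloc, timeout=10)) as conn:
        conn.request("GET", (p.path or "/") + ("?" + p.query if p.query else ""))
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")

def trace(start_url, fetch, max_hops=10):
    """Follow redirects hop by hop; stop when a host+path is visited twice."""
    hops, seen, url = [], set(), start_url
    for _ in range(max_hops):
        # Ignore the query string and case (index.html vs Index.html in the thread).
        key = (urlsplit(url).netloc.lower(), urlsplit(url).path.lower())
        if key in seen:
            return hops, key
        seen.add(key)
        status, location = fetch(url)
        hops.append((status, url))
        if status not in REDIRECTS or not location:
            return hops, None
        url = urljoin(url, location)
    return hops, None

def diagnose(discovery_url, fetch=http_fetch):
    hops, loop = trace(discovery_url, fetch)
    if hops[0][0] == 200:
        return "ok"  # discovery page is served without a session
    if len(hops) > 1 and urlsplit(hops[1][1]).path == LOGIN_HANDLER:
        return "protected-loop" if loop else "protected"
    return "other"

# Constructed stand-ins for a live SP so the check runs offline.
def protected_site(url):
    if urlsplit(url).path == LOGIN_HANDLER:
        return 302, "/shibboleth/eds/Index.html?entityID=" + quote("https://sp.example.org/shibboleth", safe="")
    return 302, LOGIN_HANDLER + "?target=" + quote(url, safe="")

def unprotected_site(url):
    return 200, None
```

Against a real deployment, call `diagnose()` with the actual discoveryURL and the default `http_fetch`; a result of "ok" means the EDS location no longer requires a session.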

