How Do You Change SP Target URL?
Goodspeed, Glenn
glenn.goodspeed at uta.edu
Fri Feb 23 18:37:05 EST 2018
I'm trying to get Shibboleth to work with a new DSpace 6 installation on Centos 7 running Apache 2.4 and Tomcat 8. The problem seems to be that the Service Provider is telling the IdP to send the authentication response to the wrong URL. The fellow who maintains the Identity Provider says it logs the target AssertionConsumerServiceURL as:
https://rc.library.ourschool.edu:8080/Shibboleth.sso/SAML2/POST
But the URL should not have "8080" in it, so we get the "no peer" error message. I can't find a way to change the target URL!
Here are the relevant lines from the Apache main config:
# Send requests for / to /ourschool-ir
RedirectMatch ^/$ /ourschool-ir
# Redirect http to https
Redirect permanent /ourschool-ir https://rc.library.ourschool.edu/ourschool-ir
And from the Apache virtual server config:
<Location />
# Configure Shibboleth for "lazy" authentication
AuthType shibboleth
ShibUseHeaders on
Require shibboleth
</Location>
<Location /Shibboleth.sso>
# Suggested by DSpace docs
ProxyPass !
SetHandler shib
</Location>
ProxyPass /ourschool-ir http://rc.library.ourschool.edu:8080/ourschool-ir
ProxyPassReverse /ourschool-ir http://rc.library.ourschool.edu:8080/ourschool-ir
</VirtualHost>
How can I get the SP to send the correct URL to the IdP? Thanks.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20180223/55283e5d/attachment.html>
More information about the users
mailing list