change of response URL

Peter Schober peter.schober at univie.ac.at
Wed Nov 21 17:28:37 EST 2018


* Rohit Shinde <rohit at venturit.com> [2018-11-20 16:14]:
> I went through the documentation as you said, It says I need to read
> attributes using env variables like request.env[
> <https://wiki.shibboleth.net/confluence/display/SHIB2/request.env[>"Shib-Identity-Provider”]
> But it’s not getting shibboleth values into it.

I don't know what the above should be (the URL to the Shibboleth wiki
should not be part of your Ruby code).

There are probably many ways *not* to get attributes set by Shibboleth
as environment variables in your ruby code. It all depends on how you
do your integration between Apache httpd and Rails.

Reading between the lines of what you wrote in different parts of this
thread, e.g.:

* Rohit Shinde <rohit at venturit.com> [2018-11-19 15:39]:
> It's a ruby-on-rails app where I have set route for
> Shibboleth.sso/SAML2/POST but I am not going in this controller
> rather its going on home page. It is happening because Nginx
> setting?

I would guess that you are currently:

* running Apache httpd with the Shibboleth SP
* running Rails in Nginx
* HTTP proxying from httpd to Nginx.

If the above guesses are correct then what you're trying to do cannot
work ("physically impossible" being Scott's key phrase here), as the
environment variables the Shib SP sets in Apache httpd cannot travel
to the Nginx server process.

So you'd either need to change the transfer of attributes to HTTP
Request Headers (set by httpd+shibd, and trusted by Nginx), which is
much less secure, or restructure your deployment.
As for restructuring, there are many possibilities, e.g.:

* Run Rails from httpd and get rid of Nginx completely
  (mod_rails aka Phusion Passenger)

* Run Rails within an application server such as UWSGI and connect
  httpd to that via mod_proxy_uwsgi.

* Try to get the Shib SP running with Nginx and keep Rails behind
  Nginx.

-peter
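
The header-based option in the message above is weaker because any client that reaches the Rails listener without passing through httpd can send the same headers itself. The following is an added example, not code from the thread: a Rack-style guard that drops identity headers unless the TCP peer is the httpd proxy. `ShibHeaderGuard`, `TRUSTED_PROXIES`, `IDENTITY_HEADERS`, the `eppn` attribute and the sample addresses are assumptions.

```ruby
require "ipaddr"

# Added example, not from the thread. All names and addresses are assumptions.
# A Rack env is a plain Hash, so this runs without the rack gem.
TRUSTED_PROXIES = [IPAddr.new("127.0.0.1"), IPAddr.new("::1")].freeze
# Rack spelling of the request headers httpd+shibd would set. The list must
# match the attributes the deployment exports; "eppn" is an assumed attribute.
IDENTITY_HEADERS = %w[HTTP_SHIB_IDENTITY_PROVIDER HTTP_EPPN].freeze

class ShibHeaderGuard
  def initialize(app)
    @app = app
  end

  def call(env)
    # REMOTE_ADDR is the TCP peer address, which request headers cannot change.
    unless trusted_peer?(env["REMOTE_ADDR"])
      # Not relayed by the httpd proxy: discard anything claiming an identity.
      env = env.reject { |key, _| IDENTITY_HEADERS.include?(key) }
    end
    @app.call(env)
  end

  private

  def trusted_peer?(addr)
    return false if addr.nil? || addr.empty?
    ip = IPAddr.new(addr)
    TRUSTED_PROXIES.any? { |proxy| proxy.include?(ip) }
  rescue IPAddr::Error
    false
  end
end

# Hypothetical downstream app: 200 if an IdP header survived, otherwise 401.
IDP_APP = lambda do |env|
  idp = env["HTTP_SHIB_IDENTITY_PROVIDER"]
  [idp ? 200 : 401, { "content-type" => "text/plain" }, [idp.to_s]]
end

# Constructed sample header, used for both a proxied and a direct request.
SAMPLE = { "HTTP_SHIB_IDENTITY_PROVIDER" => "https://idp.example.org/idp/shibboleth" }.freeze

def guarded_status(remote_addr, headers = SAMPLE)
  ShibHeaderGuard.new(IDP_APP).call({ "REMOTE_ADDR" => remote_addr }.merge(headers)).first
end
```

The guard only helps if httpd is the sole process able to connect from a trusted address and itself discards client-supplied copies of these headers before proxying.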

