SLO Problems

Bob Allison shib at allisonr.us
Tue Apr 16 19:40:47 EDT 2019 

I am also using that image. I confirmed that removing jetty-rewrite.xml completely solved my problems. Only removing the last addRule was not enough for me. I guess the question is if there is any reason to have the file at all if both rules have been removed.

> On Apr 16, 2019, at 13:07, Darren Boss <darren.boss at computecanada.ca <mailto:darren.boss at computecanada.ca>> wrote:
> 
> So I think I tracked it down to Jetty configuration. I'm using the Unicon shibboleth-idp-dockerized image although I rebuild it and I do make some minor tweaks as a layer on top of their image.
> 
> https://github.com/Unicon/shibboleth-idp-dockerized/blob/master/opt/shib-jetty-base/etc/jetty-rewrite.xml <https://github.com/Unicon/shibboleth-idp-dockerized/blob/master/opt/shib-jetty-base/etc/jetty-rewrite.xml>
> 
> I think that's the culprit and that last addRule can be removed. If it works I'll create a PR to their project.
> 
> On Tue, Apr 16, 2019 at 11:19 AM Cantor, Scott <cantor.2 at osu.edu <mailto:cantor.2 at osu.edu>> wrote:
> On 4/16/19, 9:43 AM, "users on behalf of Darren Boss" <users-bounces at shibboleth.net <mailto:users-bounces at shibboleth.net> on behalf of darren.boss at computecanada.ca <mailto:darren.boss at computecanada.ca>> wrote:
> 
> > It does look like my problem might be related to running under Kubernetes, specifically that http headers are being set
> > by the nginx proxy.
> 
> That doesn't inherently mean the headers are in fact correctly usable out of the box, there still might be a mistake in our understanding.
> 
> You should NOT need to alter the headers to make logout work, and I have never had to do so in any testing scenarios I've attempted. So either my testing is artificial and doesn't match a real world issue in some way, or people are mistaken somewhere about what Chrome is really saying.
> 
> -- Scott
> 
> 
> -- 
> For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg <https://wiki.shibboleth.net/confluence/x/coFAAg>
> To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net <mailto:users-unsubscribe at shibboleth.net>
> 
> 
> -- 
> Darren Boss
> Senior Programmer/Analyst
> Programmeur-analyste principal
> darren.boss at computecanada.ca <mailto:darren.boss at computecanada.ca>
> (o) 416.228.1234 x 230
> (c) 919.525.0083
> -- 
> For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg <https://wiki.shibboleth.net/confluence/x/coFAAg>
> To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net <mailto:users-unsubscribe at shibboleth.net>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20190416/51a98c5b/attachment.html>

More information about the users mailing list