handlerURL returns 404 not found on apache2.4
Losen, Stephen C (scl)
scl at virginia.edu
Tue Aug 20 14:33:47 EDT 2019
Hi John,
I think Drupal uses mod_rewrite in its .htaccess file and it may be doing a rewrite that matches /Shibboleth.sso. So in the offending .htaccess file you may need to add this above the other rules to cause mod_rewrite to leave it alone.
RewriteRule Shibboleth\.sso - [L]
I think mod_rewrite modifies the request before mod_shib sees it.
Steve Losen
ITS - Enterprise Infrastructure
University of Virginia
scl at virginia.edu 434-924-0640
-----Original Message-----
From: users <users-bounces at shibboleth.net> On Behalf Of John G Heim
Sent: Tuesday, August 20, 2019 1:35 PM
To: users at shibboleth.net
Subject: handlerURL returns 404 not found on apache2.4
I am trying to get shibboleth2 working on an apache2.4 server that is also running drupal7. I have a web app outside the drupal space that I need to protect. The problem is that something in drupal seems to be preventing the handlerURL from working. I have the handlerURL set to /Shibboleth.sso but if I point a browser there, I get a 404 not found error message. I can get the handlerURL to work by assigning an alias to it but then I get the dreaded GET/POST loop. This configuration gives me the file not found error:
<Location /Shibboleth.sso>
SetHandler shib
Require all granted
AuthType None
</Location>
This config makes a URL like https://my.domain.edu/Shibboleth.sso/Status
work but after authenticating, I get a loop:
alias /Shibboleth.sso /var/www/html
<Location /Shibboleth.sso>
SetHandler shib
Require all granted
AuthType None
</Location>
I know this is an apache question but it must have come up before for people configuring shib on apache. I don't understand why apache needs an alias in order to honor the setHandler directive in a Location. And I am assuming that it is that alias that is somehow causing the loop.
--
John G. Heim; jheim at math.wisc.edu; 608-263-4189
--
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net
More information about the users
mailing list