handlerURL returns 404 not found on apache2.4

Losen, Stephen C (scl) scl at virginia.edu
Tue Aug 20 14:33:47 EDT 2019


Hi John,

I think Drupal uses mod_rewrite in its .htaccess file and it may be doing a rewrite that matches /Shibboleth.sso. So in the offending .htaccess file you may need to add this above the other rules to cause mod_rewrite to leave it alone.

RewriteRule Shibboleth\.sso - [L]

I think mod_rewrite modifies the request before mod_shib sees it.


Steve Losen
ITS - Enterprise Infrastructure
University of Virginia
scl at virginia.edu    434-924-0640


-----Original Message-----
From: users <users-bounces at shibboleth.net> On Behalf Of John G Heim
Sent: Tuesday, August 20, 2019 1:35 PM
To: users at shibboleth.net
Subject: handlerURL returns 404 not found on apache2.4

I am trying to get shibboleth2 working on an apache2.4 server that is also running drupal7. I have a web app outside the drupal space that I need to protect. The problem is that something in drupal seems to be preventing the handlerURL from working. I have the handlerURL set to /Shibboleth.sso but if I point a browser there, I get a 404 not found error message. I can get the handlerURL to work by assigning an alias to it but then I get the dreaded GET/POST loop. This configuration gives me the file not found error:

<Location /Shibboleth.sso>
   SetHandler shib
   Require all granted
   AuthType None
</Location>

This config makes a URL like https://my.domain.edu/Shibboleth.sso/Status
work but after authenticating, I get a loop:

alias /Shibboleth.sso /var/www/html
<Location /Shibboleth.sso>
   SetHandler shib
   Require all granted
   AuthType None
</Location>

I know this is an apache question but it must have come up before for people configuring shib on apache. I don't understand why apache needs an alias in order to honor the setHandler directive in a Location. And I am assuming that it is that alias that is somehow causing the loop.

--
John G. Heim; jheim at math.wisc.edu; 608-263-4189
--
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net


More information about the users mailing list