Shibboleth 3 attributes not exposed from Apache 2.4 as environment variables
vasileios.koukoutsas at uzh.ch
Sat Dec 14 08:26:38 EST 2019
Hello Shibboleth community!
We have set up Shibboleth as described in Switch SP Configuration.
We are using Ubuntu with Apache 2.4 and Spring Boot on the back-end (embedded Tomcat 8.5).
There are no errors in either the Apache or Shibboleth logs.
After several tries to get the attributes through the Spring Boot app, I get null values when I call the request.getAttribute() method to request a specific attribute.
In the /Shibboleth.sso/Session I can see all the attributes and their values as expected.
My Apache.conf relevant configuration is:
ProxyPass /Shibboleth.sso/* !
# Include module configuration:
IncludeOptional mods-enabled/*.load
IncludeOptional mods-enabled/*.conf
# Include list of ports to listen on
Include ports.conf
<Directory />
    Options FollowSymLinks
    AllowOverride None
    Require all denied
</Directory>
<Directory /usr/share>
    AllowOverride None
    Require all granted
</Directory>
<Directory /var/www/>
    Options Indexes FollowSymLinks
    AllowOverride None
    Require all granted
</Directory>
<Location /Shibboleth.sso>
    SetHandler shib
</Location>
<Location /app/>
    AuthType shibboleth
    ShibRequestSetting requireSession true
    ShibUseEnvironment On
    #ShibUseHeaders On
    Require shib-attr swissEduIDLinkedAffiliation ~ .*@.*
</Location>
ProxyIOBufferSize 65536
In the proxy_html.conf I have added the configuration:
ProxyRequests Off
ProxyPass /Shibboleth.sso/* !
ProxyPass /app/ https://localhost:10050/app/
ProxyPassReverse /app/ https://localhost:10050/app/
ProxyHTMLURLMap https://localhost:10050/app/ /app/
<Location /app/>
    ProxyPassReverse /
    SetOutputFilter proxy-html
    ProxyHTMLURLMap /app/ /app/
    RequestHeader unset Accept-Encoding
</Location>
and in the sites-enabled my app-le-ssl.conf configuration is:
<IfModule mod_ssl.c>
<VirtualHost *:443>
    ProxyPreserveHost On
    ProxyRequests Off
    ServerAdmin webmaster@localhost
    ServerName example.com
    ServerAlias example.com
    RequestHeader set X-Forwarded-Proto "https"
    <Proxy ajp://localhost:8009>
        Require all granted
    </Proxy>
    SSLProxyEngine On
    ProxyPass /app/ ajp://localhost:8009/app/
    ProxyPassReverse /app/ ajp://localhost:8009/app/
    ProxyPass /Shibboleth.sso/* !
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
    SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
    Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>
My ApplicationDefaults and Sessions configuration in shibboleth2.xml is:
<ApplicationDefaults entityID="https://example.com/shibboleth"
                     homeURL="https://example.com/Shibboleth.sso/Session"
                     metadataAttributePrefix="Meta-"
                     REMOTE_USER="persistent-id uniqueID affiliation eppn swissEduIDLinkedAffiliation"
                     signing="false" encryption="false"
                     attributePrefix="AJP_">
    <Sessions lifetime="28800"
              timeout="3600"
              relayState="ss:mem"
              checkAddress="false"
              consistentAddress="true"
              handlerSSL="true"
              redirectLimit="host"
              cookieProps="https">
Since I cannot see the attributes in Java and the attributes/values are shown in /Shibboleth.sso/Session, I assume that my Apache configuration is wrong or something is missing.
Please provide some assistance as I am not able to determine what the fault is.
Thanks in advance for your help, it is much appreciated!
Kind regards,
Vasileios
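
Added example, not part of the original post: a small Python check over the ProxyPass lines quoted in the message, showing which mappings can carry the SP's environment variables to the back end. It assumes mod_proxy_ajp's documented behaviour (environment variables named AJP_* are sent as AJP request attributes with the prefix removed); the function names audit_proxypass and ambiguous_paths are hypothetical.

```python
import re

# ProxyPass lines quoted in the post (proxy_html.conf and app-le-ssl.conf).
POSTED_PROXYPASS = """\
ProxyPass /Shibboleth.sso/* !
ProxyPass /app/ https://localhost:10050/app/
ProxyPass /app/ ajp://localhost:8009/app/
"""

PROXYPASS_RE = re.compile(r"^\s*ProxyPass\s+(\S+)\s+(\S+)", re.MULTILINE)


def audit_proxypass(config, attribute_prefix):
    """Classify each ProxyPass mapping by whether SP attributes can reach the back end.

    Assumption (mod_proxy_ajp documentation): only AJP forwards environment
    variables, and only those named AJP_*; they arrive as request attributes
    with the prefix removed. HTTP(S) back ends receive request headers only.
    """
    findings = []
    for path, target in PROXYPASS_RE.findall(config):
        scheme = target.split("://", 1)[0] if "://" in target else None
        if target == "!":
            verdict = "not proxied"
        elif scheme != "ajp":
            verdict = "headers only: environment variables are not forwarded"
        elif attribute_prefix != "AJP_":
            verdict = "AJP, but attributePrefix is not AJP_"
        else:
            verdict = "AJP_* variables forwarded as request attributes"
        findings.append((path, scheme, verdict))
    return findings


def ambiguous_paths(findings):
    """Return paths mapped to more than one back-end scheme."""
    schemes = {}
    for path, scheme, _ in findings:
        if scheme is not None:
            schemes.setdefault(path, []).append(scheme)
    return {p: s for p, s in schemes.items() if len(set(s)) > 1}


if __name__ == "__main__":
    results = audit_proxypass(POSTED_PROXYPASS, attribute_prefix="AJP_")
    for path, scheme, verdict in results:
        print(f"{path:20} {scheme or '-':6} {verdict}")
    print("ambiguous:", ambiguous_paths(results))
```

Under that assumption, a request that travels over the AJP mapping carries the attribute under its unprefixed name, so the back end would read it as request.getAttribute("swissEduIDLinkedAffiliation").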