Need to support trailing / at <url>/Shibolleth.sso/Login

[Larry Fortier]

Thanks Scott.  

Evidently the Microsoft Azure Application proxy is forcing the target URL to have either an actual file name or the / at the end of the URL.  I agree it is nuts.  It can open security issues with Apache as the target since by default Apache will list the folder contents if this is enabled and you do not have an index.html or other landing page defined.  For dynamic content like Shibboleth it just does not appear to work at all.  

I'll keep at it.

Larry Fortier
Managed Services Consultant
                                                                
EAC Product Development Solutions
1-888-225-7579 ext. 136 - Office
612-867-5511 - Mobile
http://eacpds.com

Transforming how companies design, manufacture, connect to and service their products.

-----Original Message-----
From: users <users-bounces at shibboleth.net> On Behalf Of Cantor, Scott
Sent: Friday, February 22, 2019 2:41 PM
To: Shib Users <users at shibboleth.net>
Subject: Re: Need to support trailing / at <url>/Shibolleth.sso/Login

I don't think that it would work, but at best you'd have to torch the way the system lays out its handlers automatically and replace the <SSO> element with pre-2.4 syntax handlers laid out manually. Lot of work when you don't know the system, probably no better than even odds it would work. I'd experiment adding a slash to the simpler handlers there like Status or Session and see if that functions at all.

Personally I'd fix the proxy. Proxies don't get to dictate what they proxy, that's nuts. It doesn't make any sense, no application would ever work.
 
-- Scott


-- 
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net