Enforcing SPNEGO

Aterea Brown atbrown at aut.ac.nz
Mon Jul 8 23:04:49 EDT 2019


On a related note is there any way to increase the max header size in jetty/shibboleth?

thanks
art

--
Aterea Brown, AUT University
Cybersecurity, ICT
Email: atbrown at aut.ac.nz Phone: 9219999 x 6523
________________________________
From: users <users-bounces at shibboleth.net> on behalf of Aterea Brown <atbrown at aut.ac.nz>
Sent: Tuesday, 9 July 2019 2:50 PM
To: Shib Users
Subject: Re: Enforcing SPNEGO

ok tracked it down, user has to0 many AD groups.

--
Aterea Brown, AUT University
Cybersecurity, ICT
Email: atbrown at aut.ac.nz Phone: 9219999 x 6523

________________________________
From: users <users-bounces at shibboleth.net> on behalf of Aterea Brown <atbrown at aut.ac.nz>
Sent: Tuesday, 9 July 2019 12:00 PM
To: Shib Users
Subject: Re: Enforcing SPNEGO

Been troubleshooting this some more it seems the auth flow will disable autologin before running spnego hence that output.
Still need to figure out why its dying/is not sucessful.  More digging!

--
Aterea Brown, AUT University
Cybersecurity, ICT
Email: atbrown at aut.ac.nz Phone: 9219999 x 6523
________________________________
From: users <users-bounces at shibboleth.net> on behalf of Aterea Brown <atbrown at aut.ac.nz>
Sent: Tuesday, 9 July 2019 10:00 AM
To: Shib Users
Subject: Enforcing SPNEGO

Hi All,

I have an issue with a particular user.  I have set the following in spnego-authn-config.xml

 <util:constant id="shibboleth.authn.SPNEGO.EnforceRun" static-field="java.lang.Boolean.TRUE" />

but when this user logs in and attempts SPNEGO the logs output "autologin is disabled", then it quits and gives a
bad request response to the browser.  This happens across all browsers.

Any ideas?



--
Aterea Brown, AUT University
Cybersecurity, ICT
Email: atbrown at aut.ac.nz Phone: 9219999 x 6523
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20190709/0bbff73c/attachment.html>


More information about the users mailing list