ContentSetting discoveryURL

Stefan Beck stefan.beck at
Tue Feb 25 09:31:21 EST 2020

My use case is not protect a certain location, but just use shibboleth for authentication. The rest of the site is handled by WSGI/Django (and static files). Sorry, I should have included this in my description.

This is why I applied it to the Shib Handler base URL.

When calling /Shibboleth.sso/Login I get the correct entityID. The entityID in the generated metadata is correct, too. Where would the entityID be not correct? What would be the correct approach for my use case then?

Testwise I applied protection for the entire vhost and then the discoveryURL was indeed correct with one exception: When I directly called /Shibboleth.sso/Login I got the discoveryURL defined in shibboleth2.xml.


Am 24.02.20 um 17:17 schrieb Cantor, Scott:
>> In [2] there is the ContentSetting discoveryURL which I set in apache vhosttogether with entitiyIdSelf. While
>> entityIdSelf is applied, disocveryURL is ignored, i.e. the value defined in shibboleth2.xml is used.
> Because you're not applying it to the entire vhost, and most particularly the actual content being protected. The entityID won't be overridden properly either.
> -- Scott

Stefan Beck
Universitäts- und Landesbibliothek Darmstadt
IT, Forschung und Entwicklung
Projekt Darmstädter Tagblatt | Projekt LaVaH

Tel.: +49 6151 / 16-76294

More information about the users mailing list