SP configuration for Apache virtual hosts
Swartzentruber, Jeb A - swart2ja
swart2ja at jmu.edu
Mon May 18 20:50:24 UTC 2020
Greetings,
I have an Apache server using mod_shib for an application (SP v3.1.0) that can be accessed 3 ways when including virtual hosts. They are named sp.jmu.edu, dev.sp.jmu.edu, and dev.sp3.jmu.edu. Based on a previous message thread, I added AssertionConsumerService configurations for each, like this:
<md:AssertionConsumerService index="1" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
Location="https://sp.jmu.edu/Shibboleth.sso/SAML2/POST"/>
<md:AssertionConsumerService index="2" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign"
Location="https://sp.jmu.edu/Shibboleth.sso/SAML2/POST-SimpleSign"/>
<md:AssertionConsumerService index="3" Binding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS"
Location="https://sp.jmu.edu/Shibboleth.sso/SAML2/ECP"/>
<md:AssertionConsumerService index="4" Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post"
Location="https://sp.jmu.edu/Shibboleth.sso/SAML/POST"/>
<md:AssertionConsumerService index="5" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
Location="https://dev.sp.jmu.edu/Shibboleth.sso/SAML2/POST"/>
[ ...dev.sp.jmu.edu versions of index 2-4... ]
<md:AssertionConsumerService index="9" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
Location="https://sp3.jmu.edu/Shibboleth.sso/SAML2/POST"/>
[ ...sp3.jmu.edu versions of index 2-4... ]
When I browse to https://sp3.jmu.edu/ (the actual server name), everything works correctly. When I try https://dev.sp.jmu.edu/, auth happens correctly (including detecting an auth session from sp3.jmu.edu), but I am always returned to https://dev.sp.jmu.edu/Shibboleth.sso/SAML2/POST no matter what URL on that server I try to access (i.e. https://dev.sp.jmu.edu/dir1/, https://dev.sp.jmu.edu/dir2/).
Any idea what I have wrong? I noticed in the SP 3.0.0 release notes that the entityIDSelf content setting was added, but I can't tell where to use it from the documentation.
Thanks in advance,
Jeb Swartzentruber
Identity and Access Management Application Developer
JMU Information Technology
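An added example, not part of the original post and not Shibboleth project code: a consistency check for a per-virtual-host AssertionConsumerService list like the one quoted above. It flags reused index values, non-https or unexpected hosts, and virtual hosts that lack a binding the other hosts advertise. The function name audit_acs and the SAMPLE metadata are assumptions constructed for illustration. The check covers metadata consistency only.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict
from urllib.parse import urlsplit

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
PAOS = "urn:oasis:names:tc:SAML:2.0:bindings:PAOS"

# Constructed sample, not the poster's real metadata: the dev host reuses
# index 2 and has no PAOS endpoint.
SAMPLE = f"""<md:SPSSODescriptor xmlns:md="{MD}"
    protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <md:AssertionConsumerService index="1" Binding="{POST}"
      Location="https://sp.jmu.edu/Shibboleth.sso/SAML2/POST"/>
  <md:AssertionConsumerService index="2" Binding="{PAOS}"
      Location="https://sp.jmu.edu/Shibboleth.sso/SAML2/ECP"/>
  <md:AssertionConsumerService index="2" Binding="{POST}"
      Location="https://dev.sp.jmu.edu/Shibboleth.sso/SAML2/POST"/>
</md:SPSSODescriptor>"""


def audit_acs(metadata_xml, vhosts):
    """Return a sorted list of problems found in the ACS endpoints."""
    problems, seen_index = [], set()
    by_host = defaultdict(set)  # hostname -> bindings it advertises
    root = ET.fromstring(metadata_xml)
    for acs in root.iter(f"{{{MD}}}AssertionConsumerService"):
        idx, binding = acs.get("index"), acs.get("Binding")
        url = urlsplit(acs.get("Location", ""))
        if url.scheme != "https":
            problems.append(f"index {idx}: Location is not https")
        if url.hostname not in vhosts:
            problems.append(f"index {idx}: unexpected host {url.hostname}")
        if idx in seen_index:  # index must be unique within the descriptor
            problems.append(f"index {idx}: duplicate index")
        seen_index.add(idx)
        by_host[url.hostname].add(binding)
    every_binding = set().union(*by_host.values()) if by_host else set()
    for host in vhosts:
        for missing in sorted(every_binding - by_host.get(host, set())):
            problems.append(f"{host}: no endpoint for {missing}")
    return sorted(problems)


if __name__ == "__main__":
    for line in audit_acs(SAMPLE, ["sp.jmu.edu", "dev.sp.jmu.edu"]):
        print(line)
```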