SP configuration for Apache virtual hosts

Swartzentruber, Jeb A - swart2ja swart2ja at jmu.edu
Tue May 19 16:07:53 UTC 2020

Thanks for your response. Let me try to explain it better.

We have a webserver (sp3.jmu.edu) SP that uses the Apache AuthType shibboleth for access control. When I go to https://sp3.jmu.edu/dir1/, I am redirected to the IdP for authentication, after which I am returned to the content at https://sp3.jmu.edu/dir1/. No problems there.

Now, I simply want to add a virtual host (dev.sp.jmu.edu) that will share the entityID and behave exactly like sp3.jmu.edu does. I configure the vhost and it serves the https://dev.sp.jmu.edu/dir1/ content correctly. When I add AuthType shibboleth and Require shib-session to the vhost, I am redirected to the IdP and authenticated just like with sp3.jmu.edu, but I am always returned to https://dev.sp.jmu.edu/Shibboleth.sso/SAML2/POST instead of the original URL I requested (https://dev.sp.jmu.edu/dir1/).

Does that make more sense?

Thanks again,

Jeb Swartzentruber
Identity and Access Management Application Developer
JMU Information Technology 


-----Original Message-----
From: users <users-bounces at shibboleth.net> On Behalf Of Cantor, Scott
Sent: Monday, 18 May, 2020 17:00
To: Shib Users <users at shibboleth.net>
Subject: Re: SP configuration for Apache virtual hosts

On 5/18/20, 4:50 PM, "users on behalf of Swartzentruber, Jeb A - swart2ja" <users-bounces at shibboleth.net on behalf of swart2ja at jmu.edu> wrote:

> Any idea what I have wrong? I noticed in the SP 3.0.0 release notes 
> that the entityIDSelf content setting was added, but I can’t tell where to use it from the documentation.

No idea what you're trying to do.

Do you want one entityID or three? One means you do nothing special but add the endpoints to the metadata, done. Go to host A, response will be sent back to host A. Start at host B, response is to host B. etc. Response location is auto-derived from the resource you start on.

If you want separate entityIDs then an entityIDSelf request setting added to Location / on each vhost will take care of that case (along with full metadata for each one).

-- Scott
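
The single-entityID case described in the reply above depends on the SP metadata carrying an endpoint for every host. The following Python check is an added example, not code from either poster or from the Shibboleth project; it lists the vhosts that have no SAML2 POST AssertionConsumerService endpoint under the shared entityID. The entityID value and the sample metadata are constructed assumptions; the host names and handler path are the ones in the thread.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
POST_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
ACS_PATH = "/Shibboleth.sso/SAML2/POST"  # handler path seen in the thread

# Constructed sample metadata: the entityID value is an assumption, and the
# dev.sp.jmu.edu endpoint is deliberately left out to show a failing check.
SAMPLE_METADATA = """\
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
                  entityID="https://sp3.jmu.edu/shibboleth">
  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <AssertionConsumerService index="1"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp3.jmu.edu/Shibboleth.sso/SAML2/POST"/>
  </SPSSODescriptor>
</EntityDescriptor>
"""

def acs_hosts(metadata_xml, entity_id):
    """Return hosts that have an HTTPS SAML2 POST ACS endpoint for entity_id."""
    root = ET.fromstring(metadata_xml)
    hosts = set()
    # iter() also yields the root itself, so a bare EntityDescriptor and an
    # EntitiesDescriptor wrapper are both handled.
    for ent in root.iter(f"{{{MD}}}EntityDescriptor"):
        if ent.get("entityID") != entity_id:
            continue
        for acs in ent.iter(f"{{{MD}}}AssertionConsumerService"):
            url = urlsplit(acs.get("Location", ""))
            if (acs.get("Binding") == POST_BINDING
                    and url.scheme == "https" and url.path == ACS_PATH):
                hosts.add(url.hostname)  # hostname is already lower-cased
    return hosts

def missing_vhosts(metadata_xml, entity_id, vhosts):
    """Vhosts sharing entity_id that have no matching ACS endpoint."""
    wanted = {h.lower() for h in vhosts}
    return sorted(wanted - acs_hosts(metadata_xml, entity_id))

if __name__ == "__main__":
    print(missing_vhosts(SAMPLE_METADATA, "https://sp3.jmu.edu/shibboleth",
                         ["sp3.jmu.edu", "dev.sp.jmu.edu"]))
```
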
