SP configuration for Apache virtual hosts

Swartzentruber, Jeb A - swart2ja swart2ja at jmu.edu
Tue May 19 19:57:33 UTC 2020


The IdP returns to https://dev.sp.jmu.edu/Shibboleth.sso/SAML2/POST, which is "Page Not Found" ("POST /Shibboleth.sso/SAML2/POST HTTP/1.1" 404) in the access log. Is the problem that the vhost doesn't recognize <Location /Shibboleth.sso> defined in Apache's shib.conf?

Yes, I currently have UseCanonicalName On. When I turn it off, requests to dev.sp.jmu.edu are redirected to 


Jeb Swartzentruber
Identity and Access Management Application Developer
JMU Information Technology 

  Please do not print this e-mail unless necessary

-----Original Message-----
From: users <users-bounces at shibboleth.net> On Behalf Of Mak, Steve
Sent: Tuesday, 19 May, 2020 12:13
To: Shib Users <users at shibboleth.net>
Subject: Re: SP configuration for Apache virtual hosts

> always returned to https://dev.sp.jmu.edu/Shibboleth.sso/SAML2/POST

Logically this is correct SAML flow behavior. But what happens once the client reaches this URL?
That URL should be receiving the SAML response and if valid will redirect to relayState.

As Scott said, adding a vhost with same entityID should be as simple as adding an ACS to the sp metadata file and that's it. ShibSP will response dynamically to different domain names without any additional configuration, assuming the entityID is the same.

Also, are you using UseCanonical in your apache config?

- Steve

For Consortium Member technical support, see https://urldefense.proofpoint.com/v2/url?u=https-3A__wiki.shibboleth.net_confluence_x_coFAAg&d=DwIGaQ&c=eLbWYnpnzycBCgmb7vCI4uqNEB9RSjOdn_5nBEmmeq0&r=IzgAn3-b9q8g8sAUfXr1EQ&m=lAXaNkAHRyiw1lqhkaWkfdrePFrCeNhrlz0GuN0wHMk&s=8SOImuRK1lV6Kbq-C3LWgx12-E1bSYa1cYVY0y2AnUo&e= 
To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net

More information about the users mailing list