rewrite/redirect just after authentication

Marco Broglia marco.broglia at
Wed Apr 13 09:04:57 UTC 2022

     we have idp v4.1.6 and sp v3.2.3. In our Apache vh config file:

<Location />
     AuthType shibboleth
     ShibRequestSetting requireSession true
     Require shib-session

RewriteCond %{LA-U:REMOTE_USER} .+
RewriteRule ^/(.*) https://.../$1 [R,L]

The two goals are:
  [major] redirect only auth'ed user to another (external) url
  [minor] curl the metadata: curl https://<vh>/Shibboleth.sso/Metadata

Two problems:
  - [major] I have two warn/err messages for each authentication:
    - in shibd(_warn).log:
/WARN Shibboleth.SSO.SAML2 [21] [default]: error processing incoming 
assertion: Invalid HTTP method (GET)/
    - in Apache error_log:
/[mod_shib:error] [...] Invalid HTTP method (GET)., referer: 
// <>/
  - [minor] curl returns bad metadata (two concatenated output) when the
     RewriteCond/Rule is present (it's ok without the rules)

Thanks in advance.

% Marco Broglia
% via per Vimodrone 9, 20093 Cologno Monzese (MI)
% email:marco.broglia at
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the users mailing list