403 Forbidden Issue

Chris Lopez pez at gwu.edu
Tue Jan 25 20:42:46 UTC 2022

I was previously setup in a environment with coldfusion 11, apache 2.2 and
Shibboleth SP 2.0, and we had the environment working perfectly.

We have recently setup a new environment with coldfusion 2018, apache 2.4
and Shibboleth SP 3.0. We have all of our configurations (both shibboleth,
and apache) in place as they should be. When attempting to test, the user
gets routed to authenticate (as it should), and the authentication process
is successful (as it should). After authentication, it routes to /secure
where it then shows a 403 Forbidden message.

I noticed that it adds a slash at the end (/secure/), and thought that
might be a problem, however, I don't believe that is the issue as (#1) the
old environment behaves the same way and (#2) I added trailing slashes in
the Location /secure/ settings as well. This had no effect, leading me to
believe that isn't the issue.

I have verified by going to /Shibboleth.sso/Sessions, checking transaction
and shib logs, as well as using Chrome Developer Tools > Network > cookies,
that a session indeed has been created, however the /secure Location is
still throwing a 403 Forbidden.

Our Identity guy and myself are banging our heads against the wall on this
one... Please Help !!

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20220125/472d2529/attachment.htm>

More information about the users mailing list