403 Forbidden Issue

Nate Klingenstein ndk at sudonym.me
Tue Jan 25 20:51:05 UTC 2022


Making the assumption that you're getting the 403 from Apache, the
authorization directives changed radically between versions 2.2 and 2.4.
Check the Apache settings that you have protecting that location to make
sure they match the OOTB configuration shipped with 3.3.

If that all looks normal, we'll need more details.

Take care,

On Tue, Jan 25, 2022 at 1:43 PM Chris Lopez via users <users at shibboleth.net>

> I was previously setup in a environment with coldfusion 11, apache 2.2 and
> Shibboleth SP 2.0, and we had the environment working perfectly.
> We have recently setup a new environment with coldfusion 2018, apache 2.4
> and Shibboleth SP 3.0. We have all of our configurations (both shibboleth,
> and apache) in place as they should be. When attempting to test, the user
> gets routed to authenticate (as it should), and the authentication process
> is successful (as it should). After authentication, it routes to /secure
> where it then shows a 403 Forbidden message.
> I noticed that it adds a slash at the end (/secure/), and thought that
> might be a problem, however, I don't believe that is the issue as (#1) the
> old environment behaves the same way and (#2) I added trailing slashes in
> the Location /secure/ settings as well. This had no effect, leading me to
> believe that isn't the issue.
> I have verified by going to /Shibboleth.sso/Sessions, checking transaction
> and shib logs, as well as using Chrome Developer Tools > Network > cookies,
> that a session indeed has been created, however the /secure Location is
> still throwing a 403 Forbidden.
> Our Identity guy and myself are banging our heads against the wall on this
> one... Please Help !!
> Thanks
> Pez
> --
> For Consortium Member technical support, see
> https://shibboleth.atlassian.net/wiki/x/ZYEpPw
> To unsubscribe from this list send an email to
> users-unsubscribe at shibboleth.net
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20220125/0e2002a6/attachment.htm>

More information about the users mailing list