403 Forbidden Issue

Chris Lopez pez at gwu.edu
Tue Jan 25 21:02:12 UTC 2022 

Nate,

Yes it is an Apache 403 error.

I followed the documentation online as well as the examples that came with
shibboleth for Apache 2.4

These are the configurations inside the apache virtualhost configs.

NOTE 1: I attempted configurations with and without a trailing slash after
the /secure Location.
NOTE 2: I have X'd out the entity id


  <Location /Shibboleth.sso>

    Require all granted

    SetHandler shib

  </Location>

  <Location /secure/>

    AuthType shibboleth

    ShibRequestSetting requireSession 1

    ShibRequestSetting entityID
https://sts.windows.net/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxx/

    require shib-session

  </Location>

Thanks
Chris


On Tue, Jan 25, 2022 at 3:51 PM Nate Klingenstein <ndk at sudonym.me> wrote:

> Chris,
>
> Making the assumption that you're getting the 403 from Apache, the
> authorization directives changed radically between versions 2.2 and 2.4.
> Check the Apache settings that you have protecting that location to make
> sure they match the OOTB configuration shipped with 3.3.
>
> If that all looks normal, we'll need more details.
>
> Take care,
> Nate
>
>
> On Tue, Jan 25, 2022 at 1:43 PM Chris Lopez via users <
> users at shibboleth.net> wrote:
>
>> I was previously setup in a environment with coldfusion 11, apache 2.2
>> and Shibboleth SP 2.0, and we had the environment working perfectly.
>>
>> We have recently setup a new environment with coldfusion 2018, apache 2.4
>> and Shibboleth SP 3.0. We have all of our configurations (both shibboleth,
>> and apache) in place as they should be. When attempting to test, the user
>> gets routed to authenticate (as it should), and the authentication process
>> is successful (as it should). After authentication, it routes to /secure
>> where it then shows a 403 Forbidden message.
>>
>> I noticed that it adds a slash at the end (/secure/), and thought that
>> might be a problem, however, I don't believe that is the issue as (#1) the
>> old environment behaves the same way and (#2) I added trailing slashes in
>> the Location /secure/ settings as well. This had no effect, leading me to
>> believe that isn't the issue.
>>
>> I have verified by going to /Shibboleth.sso/Sessions, checking
>> transaction and shib logs, as well as using Chrome Developer Tools >
>> Network > cookies, that a session indeed has been created, however the
>> /secure Location is still throwing a 403 Forbidden.
>>
>> Our Identity guy and myself are banging our heads against the wall on
>> this one... Please Help !!
>>
>> Thanks
>> Pez
>> --
>> For Consortium Member technical support, see
>> https://shibboleth.atlassian.net/wiki/x/ZYEpPw
>> To unsubscribe from this list send an email to
>> users-unsubscribe at shibboleth.net
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20220125/31c037c4/attachment.htm>

More information about the users mailing list