403 Forbidden Issue
pez at gwu.edu
Tue Jan 25 22:46:52 UTC 2022
..And this is the shib.conf file:
# Load the Shibboleth module.
LoadModule mod_shib /usr/lib64/shibboleth/mod_shib_24.so
Require all granted
Require all granted
Alias /shibboleth-sp/main.css /usr/share/shibboleth/main.css
ShibRequestSetting requireSession 1
On Tue, Jan 25, 2022 at 5:14 PM Nate Klingenstein <ndk at sudonym.me> wrote:
> I don't see anything immediately wrong with the configuration there. The
> trailing slash shouldn't matter. Do you have any overriding
> directives(like Directory blocks or .htaccess files) elsewhere in Apache's
> It's going to take some digging, but I think this is almost certainly an
> Apache configuration issue.
> Hope this helps, and I can understand why you're scratching your heads,
> On Tue, Jan 25, 2022 at 2:02 PM Chris Lopez <pez at gwu.edu> wrote:
>> Yes it is an Apache 403 error.
>> I followed the documentation online as well as the examples that came
>> with shibboleth for Apache 2.4
>> These are the configurations inside the apache virtualhost configs.
>> NOTE 1: I attempted configurations with and without a trailing slash
>> after the /secure Location.
>> NOTE 2: I have X'd out the entity id
>> <Location /Shibboleth.sso>
>> Require all granted
>> SetHandler shib
>> <Location /secure/>
>> AuthType shibboleth
>> ShibRequestSetting requireSession 1
>> ShibRequestSetting entityID
>> require shib-session
>> On Tue, Jan 25, 2022 at 3:51 PM Nate Klingenstein <ndk at sudonym.me> wrote:
>>> Making the assumption that you're getting the 403 from Apache, the
>>> authorization directives changed radically between versions 2.2 and 2.4.
>>> Check the Apache settings that you have protecting that location to make
>>> sure they match the OOTB configuration shipped with 3.3.
>>> If that all looks normal, we'll need more details.
>>> Take care,
>>> On Tue, Jan 25, 2022 at 1:43 PM Chris Lopez via users <
>>> users at shibboleth.net> wrote:
>>>> I was previously setup in a environment with coldfusion 11, apache 2.2
>>>> and Shibboleth SP 2.0, and we had the environment working perfectly.
>>>> We have recently setup a new environment with coldfusion 2018, apache
>>>> 2.4 and Shibboleth SP 3.0. We have all of our configurations (both
>>>> shibboleth, and apache) in place as they should be. When attempting to
>>>> test, the user gets routed to authenticate (as it should), and the
>>>> authentication process is successful (as it should). After authentication,
>>>> it routes to /secure where it then shows a 403 Forbidden message.
>>>> I noticed that it adds a slash at the end (/secure/), and thought that
>>>> might be a problem, however, I don't believe that is the issue as (#1) the
>>>> old environment behaves the same way and (#2) I added trailing slashes in
>>>> the Location /secure/ settings as well. This had no effect, leading me to
>>>> believe that isn't the issue.
>>>> I have verified by going to /Shibboleth.sso/Sessions, checking
>>>> transaction and shib logs, as well as using Chrome Developer Tools >
>>>> Network > cookies, that a session indeed has been created, however the
>>>> /secure Location is still throwing a 403 Forbidden.
>>>> Our Identity guy and myself are banging our heads against the wall on
>>>> this one... Please Help !!
>>>> For Consortium Member technical support, see
>>>> To unsubscribe from this list send an email to
>>>> users-unsubscribe at shibboleth.net
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the users