Shibboleth SP error - Blocked unacceptable redirect location. due to trailing slash?
Bang Pham Huu
pham at rasdaman.com
Mon Jan 31 11:56:47 UTC 2022
Hello,
I've tested Shibboleth version 3.2.3-3.1 on CentOS 7 and it has an error
when I visit https://localhost/test (test is the secured endpoint, which
is a Java web application behind the Apache proxy).
It works fine, though, when I add the trailing slash manually in the web
browser, as https://localhost/test/. But this is not ideal.
In the Shibboleth log, it says:
> 2022-01-31 12:48:00 WARN Shibboleth.Application [47] [default]:
> redirectLimit policy enforced, blocked redirect to (http://localhost/test)
> 2022-01-31 12:48:00 WARN Shibboleth.SSO.SAML2 [47] [default]: error
> processing incoming assertion: Blocked unacceptable redirect location.
I have this setting in Apache /etc/httpd/conf/httpd.conf:

ProxyPass /test ajp://localhost:8009/test/
<Location /test>
    AuthType shibboleth
    ShibRequestSetting requireSession 1
    require valid-user
</Location>

In /etc/shibboleth/shibboleth2.xml, it has the default Session element:
> <Sessions lifetime="28800" timeout="3600" relayState="ss:mem"
> checkAddress="false" handlerSSL="true"
> cookieProps="https"
> redirectLimit="exact">
Thanks,
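
A triage check for the two WARN lines quoted above, added here as an example and not part of the original message or of Shibboleth itself: it extracts the blocked target from the log and reports which of scheme, host and port differ from the address the browser used. It assumes that redirectLimit="exact" compares those three components; the function names and the base URL https://localhost passed to them are hypothetical choices for this sketch.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: the two WARN lines from the post, with the mail wrapping undone.
SAMPLE_LOG = """\
2022-01-31 12:48:00 WARN Shibboleth.Application [47] [default]: redirectLimit policy enforced, blocked redirect to (http://localhost/test)
2022-01-31 12:48:00 WARN Shibboleth.SSO.SAML2 [47] [default]: error processing incoming assertion: Blocked unacceptable redirect location.
"""

BLOCKED = re.compile(r"redirectLimit policy enforced, blocked redirect to \((?P<url>[^)]*)\)")
DEFAULT_PORTS = {"http": 80, "https": 443}


def origin(url):
    """Return (scheme, host, port), filling in the scheme's default port."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()
    return scheme, host, parts.port or DEFAULT_PORTS.get(scheme)


def explain_blocked(log_text, sp_base_url):
    """For each blocked redirect, list the origin components that differ
    from the SP's externally visible base URL (assumed comparison rule)."""
    expected = origin(sp_base_url)
    findings = []
    for line in log_text.splitlines():
        match = BLOCKED.search(line)
        if not match:
            continue  # not a redirectLimit warning
        target = match.group("url")
        got = origin(target)
        names = ("scheme", "host", "port")
        differs = [n for n, e, g in zip(names, expected, got) if e != g]
        findings.append({"target": target,
                         "path": urlsplit(target).path,
                         "differs": differs})
    return findings


if __name__ == "__main__":
    for f in explain_blocked(SAMPLE_LOG, "https://localhost"):
        print(f["target"], "path:", f["path"],
              "differs in:", ", ".join(f["differs"]) or "nothing")
```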