Server Fault Asked by J.B. on February 8, 2021
I am trying to install a Shibboleth Service Provider behind a reverse proxy that handles SSL offloading and redirects all /shibboleth/ URLs to the VM that hosts the Shibboleth SP with Apache. Here are some URL examples:
site.domain.com > go to website
site.domain.com/shibboleth/protectedURL1 > go to Shibboleth SP, first protected path
site.domain.com/shibboleth/protectedURL2 > go to Shibboleth SP, second protected path
In shibboleth2.xml I see that all handler URLs are relative:
<Sessions lifetime="28800" timeout="3600" checkAddress="true"
handlerURL="/Shibboleth.sso" handlerSSL="false" ....
and examining SAML calls I see that Shibboleth URLs are missing the /shibboleth/ part:
https://site.domain.com/Shibboleth.sso/SAML2/POST
That link is indeed not working, but if I manually add /shibboleth/ : https://site.domain.com/shibboleth/Shibboleth.sso/SAML2/POST it works.
Where can I configure the Shibboleth URLs to add /shibboleth/?
I had to modify handlerURL in the Sessions section of shibboleth2.xml, then reconfigure Apache, adding /shibboleth/ to all locations. I found a clue digging in the Shibboleth documentation: https://wiki.shibboleth.net/confluence/display/SP3/Sessions#Sessions-AdvancedConfiguration
Here is my final Sessions section:
<Sessions lifetime="28800" timeout="3600" checkAddress="false" handlerURL="/shibboleth/Shibboleth.sso" handlerSSL="false" exportLocation="/GetAssertion" idpHistory="false" idpHistoryDays="7">
Answered by J.B. on February 8, 2021
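How handlerURL determines the SAML endpoint the IdP posts to, as an added example that is not part of the original question or answer: it reads the Sessions element and checks whether the resulting assertion consumer URL falls under the path the reverse proxy forwards to the SP. The sample XML is constructed and trimmed, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urljoin, urlsplit

# Constructed, trimmed sample configs (only the Sessions element matters here).
BEFORE = """<SPConfig xmlns="urn:mace:shibboleth:3.0:native:sp:config">
  <ApplicationDefaults>
    <Sessions lifetime="28800" timeout="3600"
              handlerURL="/Shibboleth.sso" handlerSSL="false"/>
  </ApplicationDefaults>
</SPConfig>"""
AFTER = BEFORE.replace('"/Shibboleth.sso"', '"/shibboleth/Shibboleth.sso"')


def handler_url(config_xml):
    """Return handlerURL from the first Sessions element, ignoring the XML namespace."""
    for el in ET.fromstring(config_xml).iter():
        if el.tag.rsplit("}", 1)[-1] == "Sessions":
            # The SP falls back to /Shibboleth.sso when the attribute is omitted.
            return el.get("handlerURL", "/Shibboleth.sso")
    raise ValueError("no <Sessions> element found")


def acs_endpoint(config_xml, public_base, binding="/SAML2/POST"):
    """Public URL of the SAML POST endpoint as clients and the IdP will see it."""
    # A relative handlerURL is resolved against the public scheme and host;
    # an absolute handlerURL is returned unchanged by urljoin.
    return urljoin(public_base, handler_url(config_xml)) + binding


def routed_to_sp(url, proxy_prefix="/shibboleth/"):
    """True if the reverse proxy would forward this URL to the SP host."""
    return urlsplit(url).path.startswith(proxy_prefix)


def check(config_xml, public_base, proxy_prefix="/shibboleth/"):
    """Return (endpoint, reachable) for one configuration."""
    url = acs_endpoint(config_xml, public_base)
    return url, routed_to_sp(url, proxy_prefix)


if __name__ == "__main__":
    for name, cfg in (("before", BEFORE), ("after", AFTER)):
        url, ok = check(cfg, "https://site.domain.com")
        print(f"{name}: {url} -> {'forwarded to SP' if ok else 'NOT forwarded to SP'}")
```

The endpoint computed for the corrected configuration is also the assertion consumer URL that the SP metadata registered with the IdP has to list.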