shibboleth-dev - Re: curious SP behaviour
Subject: Shibboleth Developers
List archive
- From: Ian Young <>
- To:
- Subject: Re: curious SP behaviour
- Date: Wed, 21 Sep 2005 09:42:42 +0100
Scott Cantor wrote:
Another question I have...Are you relying on the RequestMap settings to
control the session requirements, or do you have an htaccess command
(ShibRequireSession) in Apache somewhere to force that?
I am doing as much configuration as I can in shibboleth.xml as opposed to httpd.conf, on general principles (less Apache restarts, for one).
So, all I have in the appropriate virtual host clauses is:
<Location /secure>
AuthType shibboleth
ShibRequireSession on
require valid-user
</Location>
What happens if you put ShibExportAssertion On in that same spot? Does IE
then show it exporting the assertion regardless?
Yes, if I take the extra <Host> element out of my shibboleth.xml and put this in httpd.conf:
<Location /secure>
AuthType shibboleth
ShibRequireSession on
ShibExportAssertion on
require valid-user
</Location>
... then I get the assertion exported on the first page even though the port is still being shown as 8446.
If so, I would say that reinforces that the RequestMap process is failing on
that first page access because the scheme isn't coming back from Apache
correctly, while inline native command processing turns on those flags
directly.
Seems like it.
OK, so now I have an explanation, two separate workrounds and Apache to blame. Should I just leave it there or do you want some kind of placeholder bugzilla entry?
-- Ian
- curious SP behaviour, Ian Young, 09/20/2005
- Re: curious SP behaviour, Ian Young, 09/20/2005
- RE: curious SP behaviour, Scott Cantor, 09/20/2005
- RE: curious SP behaviour, Scott Cantor, 09/21/2005
- Re: curious SP behaviour, Ian Young, 09/21/2005
- RE: curious SP behaviour, Scott Cantor, 09/21/2005
- Re: curious SP behaviour, Ian Young, 09/21/2005
- RE: curious SP behaviour, Scott Cantor, 09/21/2005
- Re: curious SP behaviour, Ian Young, 09/21/2005
- Re: curious SP behaviour, Ian Young, 09/20/2005
Archive powered by MHonArc 2.6.16.