
shibboleth-dev - RE: IDP Redirection from SSO profile to Authn Handler

Subject: Shibboleth Developers

  • Date: Fri, 1 Feb 2008 16:41:19 -0500

Tomcat was not configured with the hostname of the machine at all, so
that certainly could be the problem. It took me a while to even figure
out how Shibboleth was coming up with this different hostname for the
redirect. I'll double check on how to set the hostname in Tomcat, and
add that to the servlet container preparation part of the wiki; at least
I think it should go on this page of the wiki:

https://spaces.internet2.edu/display/SHIB2/IdPApacheTomcatPrepare



-----Original Message-----
From: Scott Cantor
Sent: Friday, February 01, 2008 4:02 PM
Subject: RE: IDP Redirection from SSO profile to Authn Handler

> Anyway, it's a strange bug that confused me until I realized my machine was
> configured to use my real hostname (which may or may not be considered
> incorrect), but within the federation, I am strictly using CNAME based
> hostnames for the sake of shorter and more meaningful domain names. In this
> case, it broke the functionality and I had to change the name of my computer
> locally.

I would think that there's a requirement, just as with Apache ServerName, to
properly configure Tomcat to provide the right hostname to any servlets. It
shouldn't (and in fact cannot) be dependent on the machine's name.

If for some reason that's not possible, then just as with the SP and IIS, a
substitute mechanism to provide the canonical name would be needed.

Also, relative redirects are not legal:

http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.30

-- Scott
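
Added example, not part of either message and not Shibboleth project configuration: one way to give Tomcat a canonical hostname is the `proxyName`/`proxyPort` attributes on the `Connector` in `conf/server.xml`. The hostname `idp.example.org`, the AJP connector and the port numbers are placeholders assumed for illustration.

```xml
<!-- Added illustration for Tomcat's conf/server.xml; not from the thread.
     idp.example.org and the port numbers are placeholders.
     The two Connector elements are alternatives: keep only one. -->

<!-- Before: no canonical name configured. request.getServerName()
     returns whatever name reaches the connector (the Host header, or
     the name a fronting web server passes on), so redirect URLs built
     by a servlet can carry a hostname the federation does not know. -->
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />

<!-- After: proxyName and proxyPort pin the values returned by
     request.getServerName() and request.getServerPort(), so absolute
     redirect URLs use the published name regardless of the machine's
     own hostname. -->
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443"
           proxyName="idp.example.org" proxyPort="443" />
```

After restarting Tomcat, the `Location` header on the redirect from the SSO profile should carry the published name rather than the machine's hostname.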




