Project

General

Profile

Bug #19745

Aliases fail when shibboleth session has not be established.

Added by Stephen White over 2 years ago. Updated about 2 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Target version:
Start date:
04/18/2018
Due date:
% Done:

100%

Estimated time:
First Occurred:
Scope:
Internal
Experiment:
-
Stakeholders:
Duration:

Description

Without an active shibboleth session, using the aliases poms, pomsdev or pomsint in the link https://poms.fnal.gov/poms/ produces the following error:

opensaml::FatalProfileException
The system encountered an error at Wed Apr 18 09:34:53 2018

To report this problem, please contact the site administrator at .

Please include the following message in any email:

opensaml::FatalProfileException at (https://pomsgpvm01.fnal.gov/Shibboleth.sso/SAML2/POST)

SAML response reported an IdP error.

Error from identity provider:

Status: urn:oasis:names:tc:SAML:2.0:status:Requester
Message: Unknown AssertionConsumerServiceURL https://poms.fnal.gov/Shibboleth.sso/SAML2/POST

History

#1 Updated by Stephen White over 2 years ago

  • Assignee set to Vladimir Podstavkov

#2 Updated by Stephen White about 2 years ago

  • Assignee changed from Vladimir Podstavkov to Marc Mengel

#3 Updated by Marc Mengel about 2 years ago

So doing testing on fermicloud045, the probblem is not what RewriteRules we had, it was where we had them. Some have to be out in the default host, (i.e. the ones that redirect to https: if SSL is not enabled), others have to be in the ssl.conf in the <VirtualHost> block for the SSL enabled server -- otherwise they don't happen.

So we need to do the same to pomsgpvm01 on our next downtime...

#4 Updated by Marc Mengel about 2 years ago

  • Status changed from New to Work in progress
  • % Done changed from 0 to 90

#5 Updated by Marc Mengel about 2 years ago

  • Status changed from Work in progress to Resolved
  • % Done changed from 90 to 100

#6 Updated by Marc Mengel about 2 years ago

UPdated config on pomsgpvm01, so the rewrite rules are in the right vhosts.

#7 Updated by Stephen White about 2 years ago

  • Status changed from Resolved to Closed


Also available in: Atom PDF