node.js,apache,perl,shibboleth
Thanks to @mpapec's comment, I solved this by passing the Apache environment variables upstream as request headers:
    RequestHeader set X-Auth-Type %{AUTH_TYPE}e
    RequestHeader set X-EPPN %{eppn}e
    RequestHeader set X-Shib-Session-ID %{Shib-Session-ID}e
These now appear in req.headers in my Node.js app; although X-Auth-Type is mysteriously set to (null)... I can work around that,...
ruby-on-rails-4,passenger,shibboleth
It turns out it was an issue in phusion-passenger: https://github.com/phusion/passenger/issues/1446 It was fixed in passenger-5.0.6. Francesco ...
node.js,encryption,passport.js,saml-2.0,shibboleth
Yes, the cert is the certificate of the identity provider -- not necessarily its HTTPS certificate though. Your Shibboleth identity provider should have a provider metadata document. If you haven't already, you probably want to make sure the contents of uwIdpCert match the <ds:X509Certificate> block in that document. (here is...
java,object,casting,shibboleth,opensaml
I tried to validate your metadata XML using the method described here: https://wiki.surfnet.nl/display/OpenConext/Validating+SAML2+metadata It says that element (after adding the metadata namespace) RoleDescriptor: Schemas validity error : Element '{urn:oasis:names:tc:SAML:2.0:metadata}RoleDescriptor': The type definition is abstract. As the SAML metadata spec says, The RoleDescriptor element is an abstract extension point that...
If I see this post which has the same problem: Retrieving Shibboleth attributes from AJP connector request It looks like the getAttributeNames() of this container isn't well implemented for some reason and doesn't return all of the attributes. These links may help too: http://stackoverflow.com/a/3533183/2575906 for the getAttributesNames implementation problem http://stackoverflow.com/a/17663394/2575906...
java,saml,adfs,shibboleth,opensaml
Your application needs to act as a SAML SP, either directly (from your code), or indirectly (e.g. through SAML SP support on reverse proxy, application server, ...). For direct options (which require more modifications to your application) you can: code the SAML SP yourself (most likely with OpenSAML, you can...
java,saml-2.0,shibboleth,opensaml
This is the reply I got from the official forum: A) An alternative API to be used in OpenSAML 3.1.1 for "SecureRandomIdentifierGenerator" A.1)Using Open SAML 2.6 Sample SessionID generation at SP(non shibboleth SP Component) is given below :: SecureRandomIdentifierGenerator generator = new SecureRandomIdentifierGenerator(); sessionId=generator.generateIdentifier(); A.2)Using Open SAML 3.1.1 ??? The...
testshib.org is a good way to test Shibboleth. You cannot use localhost as the SP to connect to a remote IdP; that IdP won't find any SP to return to, because localhost means its own system, so the IdP would go to its local system and find your given SP's entity ID. It won't...
c#,asp.net,model-view-controller,shibboleth
You'll want to create a method in Global.asax.cs that has the following signature: protected void Application_PostAuthenticateRequest() { //Your code here. } This will be called automatically before almost anything else is done (MVC will call this method if it exists, you don't have to "turn it on" anywhere), and this...
wordpress,apache,.htaccess,mod-rewrite,shibboleth
Another option (as per my comment under the question):
    # exclude Shibboleth extensions
    RewriteCond %{REQUEST_URI} !\.sso/
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
...add another condition to the second RewriteRule group, excluding requests that contain a dot-s-s-o-forward slash. :)...
I was able to figure out that Shibboleth IDP error.jsp gets any error messaging from a Throwable, if it exists, in the request as an attribute under the key AbstractErrorHandler.ERROR_KEY. So in my servlet, I catch all exceptions in the service method, customize an exception and set it as a...
java,google-app-engine,saml-2.0,shibboleth
You can embed Spring SAML Extension (a product built on top of OpenSAML) into your application. It will enable you to act as a SAML 2.0 Service Provider. You can see a working demo of such an approach at http://saml-federation.appspot.com/ which shows a Spring SAML sample application connected to SSO Circle IDP....