48 questions
0
votes
0
answers
17
views
Shibboleth SP deleting Load balancer set Cookie
We have a Load balancer for the application and Shibboleth SP,Azure ADP for authentication.
We use Load balancer cookie persistence for session persistence with timeout set for 10 hrs.
1.Initially ...
0
votes
0
answers
27
views
Issues with Shibboleth SP Configuration for Keystone Federation
I am currently facing issues with setting up Shibboleth SP to work with a Keystone federation environment -- devstack installation. Despite following several guides and attempting multiple ...
- 49
0
votes
0
answers
122
views
Shibboleth Integration with Entra ID
I am trying to integrate Microsoft Entra ID for MFA with a Web App, and so far have completed the cycle of MFA and got the session authenticated. However, post authentication when the redirection ...
- 1
0
votes
0
answers
75
views
Microsoft Entra ID as MFA in Shibboleth
Can we use Microsoft Entra ID as MFA in Shibboleth? Are there any extra steps involved apart from configuring the standard IDP configuration?
- 75
0
votes
0
answers
43
views
Target url when using Spring Security with Shibboleth/SAML2
I'm trying to implement SSO with Shibboleth/SAML2 in my spring boot application.
All in all, it already works. Now i want to have a certain page (let's say /exams/42) on which a login-button should be,...
- 647
0
votes
0
answers
99
views
Shibboleth IdP metadata XML: Unable to open directory
Shibboleth is having issues reading/writing where it needs to do stuff. I'm using Shibboleth 3.4 SP installed on Windows Server 2022 with IIS 10.
I'm running this command to check the setup:
C:\opt\...
- 11
0
votes
0
answers
29
views
Decrypt Environment Variables using Apache2
I'd like to store private encrypted information into an environment variable and then decrypt it in apache2 config file, but i haven't found any example to look for an i have no idea on how to ...
- 1
0
votes
0
answers
89
views
Shibboleth SP not returning to proper server when using GCP load balancer with path rules
I think I have a bit of a unique situation here. I have the following setup:
Server A set up with Shibboleth SP and using Google SAML as an IDP.
Server B set up with Shibboleth SP and using the same ...
2
votes
1
answer
250
views
How to submit a shibboleth-protected WEB page from code using a POST call
High-level summary
My goal is to do a POST call from my code to submit a request through a web server that requires Shibboleth authentication.
At the moment I am fine to just collect the BASE64 SAML ...
- 161
0
votes
0
answers
94
views
Cannot access the value of a specific custom field of the HttpRequest header, named "serialNumber"
We are developing a .NET 7.0 web app, running on IIS 7. Our users will be authenticated remotely so we have Shibboleth-sp 3.4 installed to communicate with the appropriate IdPs. The IdPs send the ...
- 176
1
vote
0
answers
73
views
Shibboleth SP RequestMap not starting authn flow
I have an application that requires different URLs to be associated to different entityID's. From my research I found that using a RequestMap allows me to redefine the entityIDSelf .
However, when ...
- 11
0
votes
1
answer
205
views
How to access Shibboleth Header and CGI variable with IIS and in Windows 2008 R2
How can I access shibboleth attributes to login to application or create user base on attributes?
The application is running on Coldfusion 10 in Windows 2008 R2 server with 64bit Operating System. ...
-1
votes
1
answer
411
views
SELinux problem during RPMS repository configuration with Ansible
I am using this Ansible task to deploy an rpm package to an RHEL8 server:
- name: Add the shibboleth Repository configuration
yum_repository:
name: security_shibboleth
description: ...
- 13
0
votes
1
answer
114
views
Can't decode saml message from shibboleth SP - invalid byte 1 of 1-byte UTF-8 sequence - java
In some installations we have a Service Provider Shibboleth Sp v3 and a Shibbleth idp V4 and all works fine.
For some reasons in an other environments we have to rely on a customized idp that we are ...
- 161
0
votes
1
answer
548
views
Where does the SAML NotOnOrAfter Condition Originate?
I have a client where the NotOnOrAfter condition in the SAML response is always 5 minutes after login. The IdP is Okta and the SP is Shibboleth SP 3. I am not seeing anything on the Shibboleth side ...
- 591
0
votes
1
answer
297
views
Shibboleth variables not coming over with Coldfusion 2021 & IIS
I am trying to use Shibboleth 3 as the sp and azure AD as the ipd and I can see that I have successfully implemented based on the Shibboleth transaction log.
2022-12-16 12:35:54|Shibboleth-...
- 354
2
votes
3
answers
794
views
Why do I get this Crystal Reports error when running on new server after upgrade to OEM 2020 CR Runtime 64-bit version?
Trying to access Crystal Report through ASP.NET Web Forms application and get the following error when trying to run the report.
System.Runtime.InteropServices.COMException: Retrieving the COM class
...
- 6,197
1
vote
1
answer
1k
views
Shibboleth 3 on Windows Server 2022
I am unable to get IIS on Windows Server 2022 to interact with Shibboleth 3 SP. I followed the Shibboleth 3 SP installation instructions and ticked the 'Configure IIS' option at the installation stage....
- 491
0
votes
1
answer
84
views
How can configure shib.conf when using both SAML sso and password login
Already I installed and configured shibboleth in our server for sso login. Whenever I hit any page in my website, it will redirect to my IDP for authentication.
Now I need to implement password login ...
- 1
0
votes
1
answer
590
views
Send login_hint parameter from Shibboleth (Service provider) to Azure AD (Identity Provider)
We installed Shibboleth SP3 on our IIS instance, it works pretty well to have a SSO authentication.
However, we want to pass a « login_hint » parameter to Azure (our IdP) to ease people with multiple ...
2
votes
1
answer
1k
views
How to setup shibboleth for saml azure ad
Hey I have given a task to setup shibboleth to authenticate my web application ( .net core application (SP) ) using saml 2.0 with azure ad. My web application will act as SP and will manipulate the ...
- 117
0
votes
0
answers
127
views
redirect after shib login coldfusion
I need to do the following steps:
1 - authenticate through shibboleth on local coldfusion server
2 - create security token on local coldfusion server
3 - redirect to external site passing along the ...
- 1
0
votes
1
answer
1k
views
How does a Shibboleth SP configure IdP metadata files without any downtime in the Shibboleth service?
I am curious how Service Providers of Shibboleth avoid downtime in their Shibboleth Service when installing/updating Metadata files within their configuration. I have seen a few websites offer the ...
- 349
1
vote
1
answer
4k
views
400 Bad Request You're speaking plain HTTP to an SSL-enabled server port kubernetes pod
I am getting the error "400 Bad Request Your browser sent a request that this server could not understand.
Reason: You're speaking plain HTTP to an SSL-enabled server port.
Instead use the HTTPS ...
0
votes
1
answer
2k
views
Apache 2.4 start/stop throws "undefined symbol: ber_sockbuf_io_udp" error after configuring it with Shibboleth SP 3.2.0
Operating System: Red Hat Enterprise Linux Server 7.9 (Maipo)
Apache version: Apache/2.4.46 (Unix)
Shibboleth version: 3.2.0
Error when trying to stop Apache (apachectl stop):
httpd: Syntax error on ...
- 1
0
votes
1
answer
3k
views
opensaml::BindingException when logging out of a Shibboleth Service Provider with Azure ActiveDirectory as IdP
When users click logout, I'm redirecting them to "/Shibboleth.sso/Logout"
This successfully brings them to the Microsoft logout page, then they get redirected back to the SP.
However, as ...
- 1,005
0
votes
0
answers
2k
views
Intermittent Cannot connect to shibd process, a site adminstrator should be notified
We have a shibboleth native SP 2.5.4 that's been running for a few years without any issues. Yesterday I had to update a certificate for one of the IDP. Since that restart I've been getting ...
- 625
3
votes
1
answer
3k
views
Shibboleth SP logout does not redirect to my correct server URL
I have recently configured Shibboleth Service Provider for my IIS web server and Microsoft Azure. The authentication works like a charm but I do have some problems getting Azure or Shibboleth to ...
- 2,269
2
votes
2
answers
2k
views
Java - Spring security, Shibboleth (apache) and onelogin
The actual Spring Security configuration is like this:
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void ...
- 269
0
votes
1
answer
824
views
How to setup 2 identical Shibboleth SP on 2 redundant servers
For availability purpose, I have a redundant setup with 2 fronts and 2 backs.
Each front hosts a web server, serving the same pages.
Each front runs a instance of Shibboleth SP, redirecting to the ...
- 689
0
votes
1
answer
430
views
Azure AD as central auth server and Shibbolth as Service provider
We have SSO setup where we are using PingFederate as Central auth server ( for authentication and authorization ) and Shibboleth as Service Provider for our application.
Is it possible to configure ...
- 29
1
vote
1
answer
213
views
How to use/access docker environment variables in Shibboleth xml files?
I am trying to inject my docker environment variables into my shibboleth2.xml file. Shibboleth does not recognize my environment variables at all.
For example
<ApplicationDefaults entityID="${...
- 49
0
votes
1
answer
258
views
Drupal module shib_auth configuration for Shibboleth SP in IIS
I have an issue with shibboleth authentication (module: shib_auth 8.x-1 .x-dev) in Drupal 8 and IIS (version 8.5), after login in IDP i'm redirect to Drupal, but i'm not logged.
With SAML browser ...
- 3
0
votes
1
answer
1k
views
Shibboleth Attributes not Mapping
We are having an issue with Shibboleth and Apache Server. I am integrating with an SSO portal for a Tomcat application. I have the integration with the SSO portal figured out, but we are having an ...
0
votes
2
answers
3k
views
shibsp::ConfigurationException, why the service provider isn't logging any additianal information?
I'm setting up, on a test environment with CentOS 7, SSO with Shibboleth SP and Shibboleth IDP.
After all configurations, if I try to access a protected source on the server got only an error page:
...
- 41
0
votes
0
answers
247
views
glassfish get shibboleth sp attribute on iis
I was able to get the information returned by Shibboleth through the program deployed above IIS (code below).
<% @ Page Language="C#" %>
<%
Response.Write("<h3>Server Variables</h3&...
- 3
1
vote
1
answer
989
views
Shibboleth for multiple sites on IIS
I'm trying to configure Shibboleth Service Provider for two sites on one IIS instance:
Frontend with static HTML - just SPA - for example site.com
Backend with API - just REST - for example site-api....
1
vote
0
answers
105
views
Managing Roles for multiple SP (Service Providers) in SSO based application
Need information on how to use roles in SSO based application while supporting multiple SP (sso clients)
I am working on a SSO based architecture by using CAS protocol. How do I manage roles across ...
- 215
3
votes
1
answer
6k
views
Shibboleth SP ignores MetadataProvider
I try to run a Shibboleth SP for the first time, but I immediately ran into an issue that I don't understand for three days now :/
I use the docker image unicon/shibboleth-sp as base to begin with.
...
- 644
1
vote
0
answers
407
views
How can resolve Shibboleth error: Invalid Attribute Id
I integrated Siteminder with shibboleth using SAML2.
In the saml2 response, in the Assertion section, I have the double "Id" :
In the shibboleth I've the following error: Invalid attribute Id. It's ...
- 2,827
1
vote
1
answer
694
views
Shibboleth 3.x URL Redirection Failing
I'm setting up my first Shibboleth 3.x app running under IIS (Windows Server 2019), and have run into a roadblock. It's a vendor's app, and not something I coded myself.
I've currently got things ...
- 255
0
votes
1
answer
54
views
Getting issue for SSO to tomcat App using Shib SP
I have a 3rd party application which is using Tomcat authentication for its session creation. I am planning to enable SSO to that application by integrating that with Shib SP. I am getting an error ...
- 1
3
votes
2
answers
3k
views
500 error when trying to access Shibboleth SP Metadata
I'm trying to configure the Shibboleth SP with the samltest.id IdP. My setup is as follows:
Windows Server 2008 R2, IIS7.5, Shibboleth SP 3.0
I've got almost everything working - when trying to ...
- 786
0
votes
1
answer
3k
views
How to deploy shibboleth service provider in Kubernetes environment?
I am trying to configure shibboleth service provider in kubernetes environment.
In non-docker environment, apache2 and shibd services runs no the same server and apache2 communicates with shibd using ...
- 4,970
0
votes
1
answer
1k
views
How does Single-logout works with OKTA(IDP)-Shibboleth(SP)-App
OKTA-Shibboleth(Apache)-Nakisa(Tomcat)
SSO is working for logging-in.
Now, I need to configure Logout. So, user logs out from the app, user needs to be redirected to OKTA page with tiles.
But, ...
- 168
0
votes
1
answer
2k
views
Shibboleth SP3 HTTP Headers missing
I am using shibboleth SP 3 and IIS 8 on one server. I protect a folder "secure" and redirects to a test ADFS, where I configured the extraction of the UPN from the AD.
My attribute-map.xml looks like ...
- 689
0
votes
1
answer
247
views
Add Shibboleth SP to a tenant in WSO2 Identity Server
I'm having a strange behaviour for this use case:
WSO2 IS with a tenant (tenant A) and a Shibboleth Service Provider added in the tenant (SaaS is NOT selected so the SP should be only visible to the ...
- 75
2
votes
1
answer
3k
views
Signing auth request in shibboleth SP
I am using Shibboleth SP for SAML authorization.
Recently IdP has changed the configuration and it now requires to sign the AuthRequest.
IdP's metadata has following parameter
<md:...
- 3,836