[shib_auth] Access Denied despite successful SSO Session
Alexander Ivanov
alex at calmforce.com
Mon Sep 26 07:36:54 CEST 2016
Hi everyone,

I'm the lead developer for the QDR site (https://qdr.syr.edu/), which is
running Drupal 7. We are developing an integration with a Shibboleth IdP.
On our Stage site I have installed and enabled shib_auth module ver
7.x-4.3. In that same environment, we've set up the Shibboleth IdP and SP.

I ran into some issues when I attempted to configure the Shib SP (version
2.5.6). I contacted the Shibboleth mailing list, and I was informed that
the configuration examples provided in the wiki for shib_auth module (
https://wiki.aai.niif.hu/index.php?title=DrupalShibbolethReadmeDev) are
outdated. The configuration examples for shibboleth2.xml must correspond
to an earlier version of the Shibboleth SP. Related Shibboleth mailing
list thread:
http://shibboleth.1660669.n2.nabble.com/Error-Unable-to-locate-a-SAML-2-0-ACS-endpoint-to-use-for-response-td7628164.html

Currently our IdP and SP are functional such that when I go to the Drupal
login page and click on the Shibboleth Login link, I am taken to our IdP
authentication page. Once I log in there, I am successfully redirected back
to the Drupal site. When I check the status of the SSO Session I see that
a session is created and attribute values are passed for the
IdP-authenticated user. However, despite the successful SSO session, the
auto-login into Drupal fails. I am not logged into the site, and in the
error log I just see an *access denied* message.

I am attaching our shibboleth2.xml config file. I think that I may be
missing something in the SP configuration. I tried to make the best of the
wiki example, but I think this may need to be configured a bit
differently for Shibboleth SP version > 2.4. Please let me know if this is
the case.

I appreciate any advice you may have for making our Shibboleth IdP
integration work. Thank you in advance for your help.

My Best,
Alex
-------------- next part --------------
A non-text attachment was scrubbed...
Name: shibboleth2.xml
Type: text/xml
Size: 6919 bytes
Desc: not available
URL: <https://listserv.niif.hu/pipermail/shib_auth/attachments/20160926/f6516253/attachment.xml>