Prashant Yadav
2010-05-24 17:23:40 UTC
Hello,
I am trying to configure Shibboleth SP on a CentOS. Attaching my
shibboleth2.xml and httpd.conf files. Not sure what configuration is
going wrong, but I am getting exceptions like: "You don't have
permission to access /Shibboleth.sso/Status on this server." or
"shibsp::ConfigurationException at (https://10.0.0.228/Shibboleth.sso/secure
)
None of the configured SessionInitiators handled the request."
shibboleth2.xml:
<?xml version="1.0" encoding="ISO-8859-1" ?>
- <SPConfig xmlns="urn:mace:shibboleth:2.0:native:sp:config"
xmlns:conf="urn:mace:shibboleth:2.0:native:sp:config" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion
" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata
" logger="/etc/shibboleth/syslog.logger" clockSkew="180">
- <OutOfProcess logger="/etc/shibboleth/shibd.logger">
</OutOfProcess>
<InProcess logger="/etc/shibboleth/native.logger" />
<UnixListener address="/var/run/shibd.sock" />
<StorageService type="Memory" id="mem" cleanupInterval="900" />
<SessionCache type="StorageService" StorageService="mem"
cacheTimeout="3600" inprocTimeout="900" cleanupInterval="900" />
<ReplayCache StorageService="mem" />
<ArtifactMap artifactTTL="180" />
- <RequestMapper type="Native">
- <RequestMap applicationId="default">
- <Host name="partners-dev.h2hdigitalrx.com">
<Path name="drx/Shibboleth/" applicationId="digitalrx"
authType="shibboleth" requireSession="true" exportAssertion="false" />
</Host>
</RequestMap>
</RequestMapper>
- <ApplicationDefaults id="default" policyId="default" entityID="https://partners-dev.h2hdigitalrx.com/drx/Shibboleth
" homeURL="https://partners-dev.h2hdigitalrx.com/drx"
REMOTE_USER="eppn persistent-id targeted-id" signing="true"
encryption="false">
- <Sessions lifetime="7200" timeout="3600" checkAddress="false"
consistentAddress="true" handlerURL="/Shibboleth.sso"
handlerSSL="true" exportLocation="http://localhost/Shibboleth.sso/GetAssertion
" idpHistory="true" idpHistoryDays="7">
- <SessionInitiator type="Chaining" Location="/secure"
isDefault="true" id="Intranet" relayState="cookie" entityID="https://tib.dev.covisint.com
" acsByIndex="false">
<SessionInitiator type="SAML2" acsIndex="1"
template="bindingTemplate.html" />
<SessionInitiator type="Shib1" acsIndex="5" />
</SessionInitiator>
- <SessionInitiator type="Chaining" Location="/WAYF" id="WAYF"
relayState="cookie">
<SessionInitiator type="SAML2" acsIndex="1"
template="bindingTemplate.html" />
<SessionInitiator type="Shib1" acsIndex="5" />
<SessionInitiator type="WAYF" acsIndex="5" URL="https://tib.dev.covisint.com
" />
</SessionInitiator>
<md:AssertionConsumerService Location="/SAML2/POST" index="1"
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" />
<md:AssertionConsumerService Location="/SAML2/POST-SimpleSign"
index="2" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign
" />
<md:AssertionConsumerService Location="/SAML2/Artifact" index="3"
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" />
<md:AssertionConsumerService Location="/SAML2/ECP" index="4"
Binding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS" />
<md:AssertionConsumerService Location="/SAML/POST" index="5"
Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" />
<md:AssertionConsumerService Location="/SAML/Artifact" index="6"
Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01" />
- <LogoutInitiator type="Chaining" Location="/Logout"
relayState="cookie">
<LogoutInitiator type="Local" />
</LogoutInitiator>
<md:SingleLogoutService Location="/SLO/SOAP" Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP
" />
<md:SingleLogoutService Location="/SLO/Redirect"
conf:template="bindingTemplate.html" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect
" />
<md:SingleLogoutService Location="/SLO/POST"
conf:template="bindingTemplate.html" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
" />
<md:SingleLogoutService Location="/SLO/Artifact"
conf:template="bindingTemplate.html" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact
" />
<md:ManageNameIDService Location="/NIM/SOAP" Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP
" />
<md:ManageNameIDService Location="/NIM/Redirect"
conf:template="bindingTemplate.html" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect
" />
<md:ManageNameIDService Location="/NIM/POST"
conf:template="bindingTemplate.html" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
" />
<md:ManageNameIDService Location="/NIM/Artifact"
conf:template="bindingTemplate.html" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact
" />
<md:ArtifactResolutionService Location="/Artifact/SOAP" index="1"
Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" />
<Handler type="MetadataGenerator" Location="/Metadata"
signing="false" />
<Handler type="Status" Location="/Status" acl="127.0.0.1" />
<Handler type="Session" Location="/Session" />
</Sessions>
<Errors session="/etc/shibboleth/sessionError.html" metadata="/etc/
shibboleth/metadataError.html" access="/etc/shibboleth/
accessError.html" ssl="/etc/shibboleth/sslError.html" localLogout="/
etc/shibboleth/localLogout.html" globalLogout="/etc/shibboleth/
globalLogout.html" supportContact="prashanty-EZNKc36GK+***@public.gmane.org"
logoLocation="/shibboleth-sp/logo.jpg" styleSheet="/shibboleth-sp/
main.css" />
<MetadataProvider type="XML" url="https://tib.dev.covisint.com/tib_gen_sp.xml
" backingFilePath="/etc/shibboleth/covisint_metadata.xml"
reloadInterval="7200" />
- <TrustEngine type="Chaining">
<TrustEngine type="ExplicitKey" />
<TrustEngine type="PKIX" />
</TrustEngine>
<AttributeExtractor type="XML" path="/etc/shibboleth/attribute-
map.xml" />
<AttributeResolver type="Query" />
<AttributeFilter type="XML" path="/etc/shibboleth/attribute-
policy.xml" />
<CredentialResolver type="File" key="/etc/httpd/conf/ssl.key"
certificate="/etc/httpd/conf/ssl.crt" />
- <ApplicationOverride id="digitalrx" entityID="https://partners-dev.h2hdigitalrx.com/drx/Shibboleth
" homeURL="https://partners-dev.h2hdigitalrx.com/drx/Shibboleth/"
REMOTE_USER="ShibuscNetID">
<Sessions handlerURL="/drx/Shibboleth/Shibboleth.sso"
handlerSSL="true" cookieProps="; path=/drx/Shibboleth/; secure"
checkAddress="false" lifetime="7200" timeout="3600" />
</ApplicationOverride>
</ApplicationDefaults>
- <SecurityPolicies>
- <Policy id="default" validate="false">
<Rule type="MessageFlow" checkReplay="true" expires="60" />
<Rule type="ClientCertAuth" errorFatal="true" />
<Rule type="XMLSigning" errorFatal="true" />
<Rule type="SimpleSigning" errorFatal="true" />
</Policy>
</SecurityPolicies>
</SPConfig>
httpd.conf:
### Section 1: Global Environment
ServerTokens OS
ServerRoot "/etc/httpd"
PidFile run/httpd.pid
Timeout 120
KeepAlive Off
MaxKeepAliveRequests 100
KeepAliveTimeout 15
<IfModule prefork.c>
StartServers 8
MinSpareServers 5
MaxSpareServers 20
ServerLimit 256
MaxClients 256
MaxRequestsPerChild 4000
</IfModule>
<IfModule worker.c>
StartServers 2
MaxClients 150
MinSpareThreads 25
MaxSpareThreads 75
ThreadsPerChild 25
MaxRequestsPerChild 0
</IfModule>
Listen 80
LoadModule auth_basic_module modules/mod_auth_basic.so
LoadModule auth_digest_module modules/mod_auth_digest.so
LoadModule authn_file_module modules/mod_authn_file.so
LoadModule authn_alias_module modules/mod_authn_alias.so
LoadModule authn_anon_module modules/mod_authn_anon.so
LoadModule authn_dbm_module modules/mod_authn_dbm.so
LoadModule authn_default_module modules/mod_authn_default.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule authz_user_module modules/mod_authz_user.so
LoadModule authz_owner_module modules/mod_authz_owner.so
LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
LoadModule authz_dbm_module modules/mod_authz_dbm.so
LoadModule authz_default_module modules/mod_authz_default.so
LoadModule ldap_module modules/mod_ldap.so
LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
LoadModule include_module modules/mod_include.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule logio_module modules/mod_logio.so
LoadModule env_module modules/mod_env.so
LoadModule ext_filter_module modules/mod_ext_filter.so
LoadModule mime_magic_module modules/mod_mime_magic.so
LoadModule expires_module modules/mod_expires.so
LoadModule deflate_module modules/mod_deflate.so
LoadModule headers_module modules/mod_headers.so
LoadModule usertrack_module modules/mod_usertrack.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule mime_module modules/mod_mime.so
LoadModule dav_module modules/mod_dav.so
LoadModule status_module modules/mod_status.so
LoadModule autoindex_module modules/mod_autoindex.so
LoadModule info_module modules/mod_info.so
LoadModule dav_fs_module modules/mod_dav_fs.so
LoadModule vhost_alias_module modules/mod_vhost_alias.so
LoadModule negotiation_module modules/mod_negotiation.so
LoadModule dir_module modules/mod_dir.so
LoadModule actions_module modules/mod_actions.so
LoadModule speling_module modules/mod_speling.so
LoadModule userdir_module modules/mod_userdir.so
LoadModule alias_module modules/mod_alias.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so
LoadModule cache_module modules/mod_cache.so
LoadModule suexec_module modules/mod_suexec.so
LoadModule disk_cache_module modules/mod_disk_cache.so
LoadModule file_cache_module modules/mod_file_cache.so
LoadModule mem_cache_module modules/mod_mem_cache.so
LoadModule cgi_module modules/mod_cgi.so
LoadModule version_module modules/mod_version.so
Include conf.d/*.conf
User apache
Group apache
ServerAdmin prashanty-EZNKc36GK+***@public.gmane.org
ServerName 10.0.0.228
UseCanonicalName On
DocumentRoot "/usr/share/doc/shibboleth-2.3.1/"
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory "/usr/share/doc/shibboleth-2.3.1/">
Options Indexes FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
</Directory>
<IfModule mod_userdir.c>
UserDir disable
</IfModule>
DirectoryIndex index.html index.html.var
AccessFileName .htaccess
<Files ~ "^\.ht">
Order allow,deny
Deny from all
</Files>
TypesConfig /etc/mime.types
DefaultType text/plain
<IfModule mod_mime_magic.c>
MIMEMagicFile conf/magic
</IfModule>
HostnameLookups Off
ErrorLog logs/error_log
LogLevel warn
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i
\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
CustomLog logs/access_log combined
ServerSignature On
Alias /icons/ "/var/www/icons/"
<Directory "/var/www/icons">
Options Indexes MultiViews
AllowOverride None
Order allow,deny
Allow from all
</Directory>
<IfModule mod_dav_fs.c>
DAVLockDB /var/lib/dav/lockdb
</IfModule>
ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
<Directory "/var/www/cgi-bin">
AllowOverride None
Options None
Order allow,deny
Allow from all
</Directory>
IndexOptions FancyIndexing VersionSort NameWidth=* HTMLTable
AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip
AddIconByType (TXT,/icons/text.gif) text/*
AddIconByType (IMG,/icons/image2.gif) image/*
AddIconByType (SND,/icons/sound2.gif) audio/*
AddIconByType (VID,/icons/movie.gif) video/*
AddIcon /icons/binary.gif .bin .exe
AddIcon /icons/binhex.gif .hqx
AddIcon /icons/tar.gif .tar
AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
AddIcon /icons/a.gif .ps .ai .eps
AddIcon /icons/layout.gif .html .shtml .htm .pdf
AddIcon /icons/text.gif .txt
AddIcon /icons/c.gif .c
AddIcon /icons/p.gif .pl .py
AddIcon /icons/f.gif .for
AddIcon /icons/dvi.gif .dvi
AddIcon /icons/uuencoded.gif .uu
AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
AddIcon /icons/tex.gif .tex
AddIcon /icons/bomb.gif core
AddIcon /icons/back.gif ..
AddIcon /icons/hand.right.gif README
AddIcon /icons/folder.gif ^^DIRECTORY^^
AddIcon /icons/blank.gif ^^BLANKICON^^
DefaultIcon /icons/unknown.gif
ReadmeName README.html
HeaderName HEADER.html
IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t
AddLanguage ca .ca
AddLanguage cs .cz .cs
AddLanguage da .dk
AddLanguage de .de
AddLanguage el .el
AddLanguage en .en
AddLanguage eo .eo
AddLanguage es .es
AddLanguage et .et
AddLanguage fr .fr
AddLanguage he .he
AddLanguage hr .hr
AddLanguage it .it
AddLanguage ja .ja
AddLanguage ko .ko
AddLanguage ltz .ltz
AddLanguage nl .nl
AddLanguage nn .nn
AddLanguage no .no
AddLanguage pl .po
AddLanguage pt .pt
AddLanguage pt-BR .pt-br
AddLanguage ru .ru
AddLanguage sv .sv
AddLanguage zh-CN .zh-cn
AddLanguage zh-TW .zh-tw
LanguagePriority en ca cs da de el eo es et fr he hr it ja ko ltz nl
nn no pl pt pt-BR ru sv zh-CN zh-TW
ForceLanguagePriority Prefer Fallback
AddDefaultCharset UTF-8
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
AddHandler type-map var
AddType text/html .shtml
AddOutputFilter INCLUDES .shtml
Alias /error/ "/var/www/error/"
<IfModule mod_negotiation.c>
<IfModule mod_include.c>
<Directory "/var/www/error">
AllowOverride None
Options IncludesNoExec
AddOutputFilter Includes html
AddHandler type-map var
Order allow,deny
Allow from all
LanguagePriority en es de fr
ForceLanguagePriority Prefer Fallback
</Directory>
</IfModule>
</IfModule>
BrowserMatch "Mozilla/2" nokeepalive
BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
BrowserMatch "RealPlayer 4\.0" force-response-1.0
BrowserMatch "Java/1\.0" force-response-1.0
BrowserMatch "JDK/1\.0" force-response-1.0
BrowserMatch "Microsoft Data Access Internet Publishing Provider"
redirect-carefully
BrowserMatch "MS FrontPage" redirect-carefully
BrowserMatch "^WebDrive" redirect-carefully
BrowserMatch "^WebDAVFS/1.[0123]" redirect-carefully
BrowserMatch "^gnome-vfs/1.0" redirect-carefully
BrowserMatch "^XML Spy" redirect-carefully
BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully
NameVirtualHost *:80
<VirtualHost *:80>
ServerAdmin prashanty-EZNKc36GK+***@public.gmane.org
DocumentRoot "/usr/share/doc/shibboleth-2.3.1/"
ServerName 10.0.0.228
<Location /secure>
AuthType shibboleth
ShibRequireSession On
require valid-user
</Location>
</VirtualHost>
#Include conf/mod-jk.conf
Please help.
Thanks in Advance.
I am trying to configure Shibboleth SP on a CentOS. Attaching my
shibboleth2.xml and httpd.conf files. Not sure what configuration is
going wrong, but I am getting exceptions like: "You don't have
permission to access /Shibboleth.sso/Status on this server." or
"shibsp::ConfigurationException at (https://10.0.0.228/Shibboleth.sso/secure
)
None of the configured SessionInitiators handled the request."
shibboleth2.xml:
<?xml version="1.0" encoding="ISO-8859-1" ?>
- <SPConfig xmlns="urn:mace:shibboleth:2.0:native:sp:config"
xmlns:conf="urn:mace:shibboleth:2.0:native:sp:config" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion
" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata
" logger="/etc/shibboleth/syslog.logger" clockSkew="180">
- <OutOfProcess logger="/etc/shibboleth/shibd.logger">
</OutOfProcess>
<InProcess logger="/etc/shibboleth/native.logger" />
<UnixListener address="/var/run/shibd.sock" />
<StorageService type="Memory" id="mem" cleanupInterval="900" />
<SessionCache type="StorageService" StorageService="mem"
cacheTimeout="3600" inprocTimeout="900" cleanupInterval="900" />
<ReplayCache StorageService="mem" />
<ArtifactMap artifactTTL="180" />
- <RequestMapper type="Native">
- <RequestMap applicationId="default">
- <Host name="partners-dev.h2hdigitalrx.com">
<Path name="drx/Shibboleth/" applicationId="digitalrx"
authType="shibboleth" requireSession="true" exportAssertion="false" />
</Host>
</RequestMap>
</RequestMapper>
- <ApplicationDefaults id="default" policyId="default" entityID="https://partners-dev.h2hdigitalrx.com/drx/Shibboleth
" homeURL="https://partners-dev.h2hdigitalrx.com/drx"
REMOTE_USER="eppn persistent-id targeted-id" signing="true"
encryption="false">
- <Sessions lifetime="7200" timeout="3600" checkAddress="false"
consistentAddress="true" handlerURL="/Shibboleth.sso"
handlerSSL="true" exportLocation="http://localhost/Shibboleth.sso/GetAssertion
" idpHistory="true" idpHistoryDays="7">
- <SessionInitiator type="Chaining" Location="/secure"
isDefault="true" id="Intranet" relayState="cookie" entityID="https://tib.dev.covisint.com
" acsByIndex="false">
<SessionInitiator type="SAML2" acsIndex="1"
template="bindingTemplate.html" />
<SessionInitiator type="Shib1" acsIndex="5" />
</SessionInitiator>
- <SessionInitiator type="Chaining" Location="/WAYF" id="WAYF"
relayState="cookie">
<SessionInitiator type="SAML2" acsIndex="1"
template="bindingTemplate.html" />
<SessionInitiator type="Shib1" acsIndex="5" />
<SessionInitiator type="WAYF" acsIndex="5" URL="https://tib.dev.covisint.com
" />
</SessionInitiator>
<md:AssertionConsumerService Location="/SAML2/POST" index="1"
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" />
<md:AssertionConsumerService Location="/SAML2/POST-SimpleSign"
index="2" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign
" />
<md:AssertionConsumerService Location="/SAML2/Artifact" index="3"
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" />
<md:AssertionConsumerService Location="/SAML2/ECP" index="4"
Binding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS" />
<md:AssertionConsumerService Location="/SAML/POST" index="5"
Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" />
<md:AssertionConsumerService Location="/SAML/Artifact" index="6"
Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01" />
- <LogoutInitiator type="Chaining" Location="/Logout"
relayState="cookie">
<LogoutInitiator type="Local" />
</LogoutInitiator>
<md:SingleLogoutService Location="/SLO/SOAP" Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP
" />
<md:SingleLogoutService Location="/SLO/Redirect"
conf:template="bindingTemplate.html" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect
" />
<md:SingleLogoutService Location="/SLO/POST"
conf:template="bindingTemplate.html" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
" />
<md:SingleLogoutService Location="/SLO/Artifact"
conf:template="bindingTemplate.html" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact
" />
<md:ManageNameIDService Location="/NIM/SOAP" Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP
" />
<md:ManageNameIDService Location="/NIM/Redirect"
conf:template="bindingTemplate.html" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect
" />
<md:ManageNameIDService Location="/NIM/POST"
conf:template="bindingTemplate.html" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
" />
<md:ManageNameIDService Location="/NIM/Artifact"
conf:template="bindingTemplate.html" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact
" />
<md:ArtifactResolutionService Location="/Artifact/SOAP" index="1"
Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" />
<Handler type="MetadataGenerator" Location="/Metadata"
signing="false" />
<Handler type="Status" Location="/Status" acl="127.0.0.1" />
<Handler type="Session" Location="/Session" />
</Sessions>
<Errors session="/etc/shibboleth/sessionError.html" metadata="/etc/
shibboleth/metadataError.html" access="/etc/shibboleth/
accessError.html" ssl="/etc/shibboleth/sslError.html" localLogout="/
etc/shibboleth/localLogout.html" globalLogout="/etc/shibboleth/
globalLogout.html" supportContact="prashanty-EZNKc36GK+***@public.gmane.org"
logoLocation="/shibboleth-sp/logo.jpg" styleSheet="/shibboleth-sp/
main.css" />
<MetadataProvider type="XML" url="https://tib.dev.covisint.com/tib_gen_sp.xml
" backingFilePath="/etc/shibboleth/covisint_metadata.xml"
reloadInterval="7200" />
- <TrustEngine type="Chaining">
<TrustEngine type="ExplicitKey" />
<TrustEngine type="PKIX" />
</TrustEngine>
<AttributeExtractor type="XML" path="/etc/shibboleth/attribute-
map.xml" />
<AttributeResolver type="Query" />
<AttributeFilter type="XML" path="/etc/shibboleth/attribute-
policy.xml" />
<CredentialResolver type="File" key="/etc/httpd/conf/ssl.key"
certificate="/etc/httpd/conf/ssl.crt" />
- <ApplicationOverride id="digitalrx" entityID="https://partners-dev.h2hdigitalrx.com/drx/Shibboleth
" homeURL="https://partners-dev.h2hdigitalrx.com/drx/Shibboleth/"
REMOTE_USER="ShibuscNetID">
<Sessions handlerURL="/drx/Shibboleth/Shibboleth.sso"
handlerSSL="true" cookieProps="; path=/drx/Shibboleth/; secure"
checkAddress="false" lifetime="7200" timeout="3600" />
</ApplicationOverride>
</ApplicationDefaults>
- <SecurityPolicies>
- <Policy id="default" validate="false">
<Rule type="MessageFlow" checkReplay="true" expires="60" />
<Rule type="ClientCertAuth" errorFatal="true" />
<Rule type="XMLSigning" errorFatal="true" />
<Rule type="SimpleSigning" errorFatal="true" />
</Policy>
</SecurityPolicies>
</SPConfig>
httpd.conf:
### Section 1: Global Environment
ServerTokens OS
ServerRoot "/etc/httpd"
PidFile run/httpd.pid
Timeout 120
KeepAlive Off
MaxKeepAliveRequests 100
KeepAliveTimeout 15
<IfModule prefork.c>
StartServers 8
MinSpareServers 5
MaxSpareServers 20
ServerLimit 256
MaxClients 256
MaxRequestsPerChild 4000
</IfModule>
<IfModule worker.c>
StartServers 2
MaxClients 150
MinSpareThreads 25
MaxSpareThreads 75
ThreadsPerChild 25
MaxRequestsPerChild 0
</IfModule>
Listen 80
LoadModule auth_basic_module modules/mod_auth_basic.so
LoadModule auth_digest_module modules/mod_auth_digest.so
LoadModule authn_file_module modules/mod_authn_file.so
LoadModule authn_alias_module modules/mod_authn_alias.so
LoadModule authn_anon_module modules/mod_authn_anon.so
LoadModule authn_dbm_module modules/mod_authn_dbm.so
LoadModule authn_default_module modules/mod_authn_default.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule authz_user_module modules/mod_authz_user.so
LoadModule authz_owner_module modules/mod_authz_owner.so
LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
LoadModule authz_dbm_module modules/mod_authz_dbm.so
LoadModule authz_default_module modules/mod_authz_default.so
LoadModule ldap_module modules/mod_ldap.so
LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
LoadModule include_module modules/mod_include.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule logio_module modules/mod_logio.so
LoadModule env_module modules/mod_env.so
LoadModule ext_filter_module modules/mod_ext_filter.so
LoadModule mime_magic_module modules/mod_mime_magic.so
LoadModule expires_module modules/mod_expires.so
LoadModule deflate_module modules/mod_deflate.so
LoadModule headers_module modules/mod_headers.so
LoadModule usertrack_module modules/mod_usertrack.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule mime_module modules/mod_mime.so
LoadModule dav_module modules/mod_dav.so
LoadModule status_module modules/mod_status.so
LoadModule autoindex_module modules/mod_autoindex.so
LoadModule info_module modules/mod_info.so
LoadModule dav_fs_module modules/mod_dav_fs.so
LoadModule vhost_alias_module modules/mod_vhost_alias.so
LoadModule negotiation_module modules/mod_negotiation.so
LoadModule dir_module modules/mod_dir.so
LoadModule actions_module modules/mod_actions.so
LoadModule speling_module modules/mod_speling.so
LoadModule userdir_module modules/mod_userdir.so
LoadModule alias_module modules/mod_alias.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so
LoadModule cache_module modules/mod_cache.so
LoadModule suexec_module modules/mod_suexec.so
LoadModule disk_cache_module modules/mod_disk_cache.so
LoadModule file_cache_module modules/mod_file_cache.so
LoadModule mem_cache_module modules/mod_mem_cache.so
LoadModule cgi_module modules/mod_cgi.so
LoadModule version_module modules/mod_version.so
Include conf.d/*.conf
User apache
Group apache
ServerAdmin prashanty-EZNKc36GK+***@public.gmane.org
ServerName 10.0.0.228
UseCanonicalName On
DocumentRoot "/usr/share/doc/shibboleth-2.3.1/"
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory "/usr/share/doc/shibboleth-2.3.1/">
Options Indexes FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
</Directory>
<IfModule mod_userdir.c>
UserDir disable
</IfModule>
DirectoryIndex index.html index.html.var
AccessFileName .htaccess
<Files ~ "^\.ht">
Order allow,deny
Deny from all
</Files>
TypesConfig /etc/mime.types
DefaultType text/plain
<IfModule mod_mime_magic.c>
MIMEMagicFile conf/magic
</IfModule>
HostnameLookups Off
ErrorLog logs/error_log
LogLevel warn
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i
\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
CustomLog logs/access_log combined
ServerSignature On
Alias /icons/ "/var/www/icons/"
<Directory "/var/www/icons">
Options Indexes MultiViews
AllowOverride None
Order allow,deny
Allow from all
</Directory>
<IfModule mod_dav_fs.c>
DAVLockDB /var/lib/dav/lockdb
</IfModule>
ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
<Directory "/var/www/cgi-bin">
AllowOverride None
Options None
Order allow,deny
Allow from all
</Directory>
IndexOptions FancyIndexing VersionSort NameWidth=* HTMLTable
AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip
AddIconByType (TXT,/icons/text.gif) text/*
AddIconByType (IMG,/icons/image2.gif) image/*
AddIconByType (SND,/icons/sound2.gif) audio/*
AddIconByType (VID,/icons/movie.gif) video/*
AddIcon /icons/binary.gif .bin .exe
AddIcon /icons/binhex.gif .hqx
AddIcon /icons/tar.gif .tar
AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
AddIcon /icons/a.gif .ps .ai .eps
AddIcon /icons/layout.gif .html .shtml .htm .pdf
AddIcon /icons/text.gif .txt
AddIcon /icons/c.gif .c
AddIcon /icons/p.gif .pl .py
AddIcon /icons/f.gif .for
AddIcon /icons/dvi.gif .dvi
AddIcon /icons/uuencoded.gif .uu
AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
AddIcon /icons/tex.gif .tex
AddIcon /icons/bomb.gif core
AddIcon /icons/back.gif ..
AddIcon /icons/hand.right.gif README
AddIcon /icons/folder.gif ^^DIRECTORY^^
AddIcon /icons/blank.gif ^^BLANKICON^^
DefaultIcon /icons/unknown.gif
ReadmeName README.html
HeaderName HEADER.html
IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t
AddLanguage ca .ca
AddLanguage cs .cz .cs
AddLanguage da .dk
AddLanguage de .de
AddLanguage el .el
AddLanguage en .en
AddLanguage eo .eo
AddLanguage es .es
AddLanguage et .et
AddLanguage fr .fr
AddLanguage he .he
AddLanguage hr .hr
AddLanguage it .it
AddLanguage ja .ja
AddLanguage ko .ko
AddLanguage ltz .ltz
AddLanguage nl .nl
AddLanguage nn .nn
AddLanguage no .no
AddLanguage pl .po
AddLanguage pt .pt
AddLanguage pt-BR .pt-br
AddLanguage ru .ru
AddLanguage sv .sv
AddLanguage zh-CN .zh-cn
AddLanguage zh-TW .zh-tw
LanguagePriority en ca cs da de el eo es et fr he hr it ja ko ltz nl
nn no pl pt pt-BR ru sv zh-CN zh-TW
ForceLanguagePriority Prefer Fallback
AddDefaultCharset UTF-8
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
AddHandler type-map var
AddType text/html .shtml
AddOutputFilter INCLUDES .shtml
Alias /error/ "/var/www/error/"
<IfModule mod_negotiation.c>
<IfModule mod_include.c>
<Directory "/var/www/error">
AllowOverride None
Options IncludesNoExec
AddOutputFilter Includes html
AddHandler type-map var
Order allow,deny
Allow from all
LanguagePriority en es de fr
ForceLanguagePriority Prefer Fallback
</Directory>
</IfModule>
</IfModule>
BrowserMatch "Mozilla/2" nokeepalive
BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
BrowserMatch "RealPlayer 4\.0" force-response-1.0
BrowserMatch "Java/1\.0" force-response-1.0
BrowserMatch "JDK/1\.0" force-response-1.0
BrowserMatch "Microsoft Data Access Internet Publishing Provider"
redirect-carefully
BrowserMatch "MS FrontPage" redirect-carefully
BrowserMatch "^WebDrive" redirect-carefully
BrowserMatch "^WebDAVFS/1.[0123]" redirect-carefully
BrowserMatch "^gnome-vfs/1.0" redirect-carefully
BrowserMatch "^XML Spy" redirect-carefully
BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully
NameVirtualHost *:80
<VirtualHost *:80>
ServerAdmin prashanty-EZNKc36GK+***@public.gmane.org
DocumentRoot "/usr/share/doc/shibboleth-2.3.1/"
ServerName 10.0.0.228
<Location /secure>
AuthType shibboleth
ShibRequireSession On
require valid-user
</Location>
</VirtualHost>
#Include conf/mod-jk.conf
Please help.
Thanks in Advance.