Shibboleth login on dspace 7 fails with Safari
24 views
Skip to first unread message
Bill Tantzen
Jul 14, 2020, 5:09:53 PM7/14/20
to DSpace Technical Support
My client is at https://ui.lib.umn.edu:3000 and the REST API at rest.lib.umn.edu. My apache shib configuration is as described at https://wiki.lyrasis.org/display/DSPACE/DSpace+7+Shibboleth+Configuration. I can login with Firefox and Chrome, but when logging in with Safari, the REST server responds with a 403.
A successful login (via Chrome) looks like this in the apache logs:
10.21.41.171 - - [14/Jul/2020:15:35:06 -0500] "GET /Shibboleth.sso/Login?target=https://rest.lib.umn.edu/server/api/authn/shibboleth?redirectUrl=https://ui.lib.umn.edu:3000/home HTTP/1.1" 302 860
10.21.41.171 - - [14/Jul/2020:15:35:28 -0500] "POST /Shibboleth.sso/SAML2/POST HTTP/1.1" 302 289
10.21.41.171 - tant...@umn.edu [14/Jul/2020:15:35:28 -0500] "GET /server/api/authn/shibboleth?redirectUrl=https://ui.lib.umn.edu:3000/home HTTP/1.1" 302 -
An unsuccessful login (via Safari) from the same workstation is similar:
10.21.41.171 - - [14/Jul/2020:15:32:48 -0500] "GET /Shibboleth.sso/Login?target=https://rest.lib.umn.edu/server/api/authn/shibboleth?redirectUrl=https://ui.lib.umn.edu:3000/home HTTP/1.1" 302 858
10.21.41.171 - - [14/Jul/2020:15:33:21 -0500] "POST /Shibboleth.sso/SAML2/POST HTTP/1.1" 302 289
10.21.41.171 - tant...@umn.edu [14/Jul/2020:15:33:21 -0500] "GET /server/api/authn/shibboleth?redirectUrl=https://ui.lib.umn.edu:3000/home HTTP/1.1" 403 20
Which is identical except for the 403, and a small text file from the IdP that contains "Invalid CORS request"
A successful login (via Chrome) looks like this in the apache logs:
10.21.41.171 - - [14/Jul/2020:15:35:06 -0500] "GET /Shibboleth.sso/Login?target=https://rest.lib.umn.edu/server/api/authn/shibboleth?redirectUrl=https://ui.lib.umn.edu:3000/home HTTP/1.1" 302 860
10.21.41.171 - - [14/Jul/2020:15:35:28 -0500] "POST /Shibboleth.sso/SAML2/POST HTTP/1.1" 302 289
10.21.41.171 - tant...@umn.edu [14/Jul/2020:15:35:28 -0500] "GET /server/api/authn/shibboleth?redirectUrl=https://ui.lib.umn.edu:3000/home HTTP/1.1" 302 -
An unsuccessful login (via Safari) from the same workstation is similar:
10.21.41.171 - - [14/Jul/2020:15:32:48 -0500] "GET /Shibboleth.sso/Login?target=https://rest.lib.umn.edu/server/api/authn/shibboleth?redirectUrl=https://ui.lib.umn.edu:3000/home HTTP/1.1" 302 858
10.21.41.171 - - [14/Jul/2020:15:33:21 -0500] "POST /Shibboleth.sso/SAML2/POST HTTP/1.1" 302 289
10.21.41.171 - tant...@umn.edu [14/Jul/2020:15:33:21 -0500] "GET /server/api/authn/shibboleth?redirectUrl=https://ui.lib.umn.edu:3000/home HTTP/1.1" 403 20
Which is identical except for the 403, and a small text file from the IdP that contains "Invalid CORS request"
I'm not sure -- angular bug? server bug? Safari bug? This worked fine across all browsers in beta 2... My next test will be to place the client and server on the same host... Meanwhile, I'm not sure where to go!
Thanks for any advice!
--
~~ Bill
Human wheels spin round and round
While the clock keeps the pace... -- John Mellencamp
________________________________________________________________
Bill Tantzen University of Minnesota Libraries
612-626-9949 (U of M) 612-325-1777 (cell)
While the clock keeps the pace... -- John Mellencamp
________________________________________________________________
Bill Tantzen University of Minnesota Libraries
612-626-9949 (U of M) 612-325-1777 (cell)
Bill Tantzen
Jul 15, 2020, 10:02:33 AM7/15/20
to DSpace Technical Support
I should add that I experience the same results when logging into the HAL browser; works on Firefox and Chrome, fails in the same way with Safari. This used to work on beta 2.
~~ Bill
Reply all
Reply to author
Forward
0 new messages