Shibboleth with one Vhost and two IdentityProvider

lai...@libero.it

Mar 15, 2012, 6:38:07 PM
to us...@shibboleth.net
Hi,

I have a problem with the Shibboleth configuration.

In particular, I have one application including two URLs to protect with two
different Identity Providers:

- one URL is /protected
- the other one is /protectedBasic.

I have configured the Virtual Host with the two protected URLs; in
shibboleth2.xml I set the first URL in the default application and the second
URL in the override application.

My problem is that the override application uses the Identity Provider defined
in the default application.

I am posting a file excerpt:

<RequestMapper type="Native">
  <RequestMap applicationId="default">
    <Host name="test.domain.com" authType="shibboleth" requireSession="true">
      <Path name="/protected" applicationId="other-app"/>
      <Path name="/protectedBasic" applicationId="other-app"/>
    </Host>
    </Host>
  </RequestMap>
</RequestMapper>

<ApplicationDefaults id="default" policyId="default"
    entityID="https://test.domain.com/protected/shibboleth"
    homeURL="https://test.domain.com"
    REMOTE_USER="eppn persistent-id targeted-id">
  <Sessions lifetime="28800" timeout="3600" checkAddress="false"
      handlerURL="/protected/Shibboleth.sso" handlerSSL="false">

  .....


  <ApplicationOverride id="other-app"
      entityID="https://test.domain.com/protectedBasic/shibboleth">
    <Sessions lifetime="28800" timeout="3600" checkAddress="false"
        handlerURL="/protectedBasic/Shibboleth.sso" handlerSSL="false">
  </ApplicationOverride>
</ApplicationDefaults>


Can you suggest how to solve this problem?

Thanks

Cantor, Scott

Mar 15, 2012, 7:03:58 PM
to us...@shibboleth.net
On 3/15/12 6:38 PM, "lai...@libero.it" <lai...@libero.it> wrote:
>
>In particular, I have one application including two URLs to protect with
>two different Identity Providers:

That doesn't match anything you posted after. You don't need application
overrides to support that use case.

>I have configured the Virtual Host with the two protected URLs; in
>shibboleth2.xml I set the first URL in the default application and the
>second URL in the override application.

You didn't do that either. You have both Paths mapped to the same
overridden application.

>My problem is that the override application uses the Identity Provider
>defined in the default application.

There is no identity provider "defined in the default application". That
isn't how things work. If you want to hardcode an app to use a specific
IdP, you'd do it either in the RequestMap or in the SessionInitiator or
SSO elements.

Your excerpted XML is addressing the entityID assigned to the SP. Its own
name, not the name of an IdP to use.

>Can you suggest me how to solve this problem?

I don't yet understand what the problem is. I would start by undoing your
changes and not use application overrides unless you understand why you're
using them. What is the use case specifically?

-- Scott
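
The RequestMap option mentioned in the reply above, as an added example that is not part of the original thread and not either poster's configuration: each Path carries an entityID content setting naming the IdP to use, and both paths stay in the default application. The two IdP entityIDs are constructed placeholders, and the Path names are written without a leading slash as an assumption.

```xml
<!-- Added example. IdP entityIDs are constructed placeholders. -->
<RequestMapper type="Native">
    <RequestMap applicationId="default">
        <Host name="test.domain.com" authType="shibboleth" requireSession="true">
            <!-- On a Path, entityID is a content setting: it names the IdP
                 that the login request for this path is sent to. It is not
                 the SP's own name (that is the entityID attribute on
                 ApplicationDefaults / ApplicationOverride). -->
            <Path name="protected"
                  entityID="https://idp-one.example.org/idp/shibboleth"/>
            <Path name="protectedBasic"
                  entityID="https://idp-two.example.org/idp/shibboleth"/>
            <!-- No applicationId on either Path: both inherit "default",
                 so no ApplicationOverride is needed for this use case. -->
        </Host>
    </RequestMap>
</RequestMapper>
```

Both paths share one application and therefore one session, so this setting only selects where the login request goes; it does not by itself reject a session that was established with the other IdP.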