Re: Need Assistance Debugging a 403 error after sample Idp authentication is complete

[Thijs Kinkhorst]

Op vrijdag 5 oktober 2012 01:01:01 schreef Han Kim:
> I've setup 1.10.0 and began testing with https://openidp.feide.no
>
> What is happening is that within the simplesaml setup, I test the
> authentication source by clicking on the link, in this
> case https://openidp.feide.no.
>
> It successfully takes me to the authentication source, I log in, and am
> presented with the "OpenIdP Frontpage › Consent about releasing personal
> information", I check "Yes, continue" and upon the return to my SP, I get
> a 403 forbidden error (url is https://<sp
> url>/simplesaml/module.php/saml/sp/saml2-acs.php/<sp name>)
>
> I'm not sure if this is an issue dealing with secure http post versus
> redirect, a mod_security issue, etc.

Are you using Apache? If your web server generates a 403, I would check its
error log to see what it reports as the reason. Does that give any clue?


--
Thijs Kinkhorst <th...@uvt.nl> – LIS Unix

Universiteit van Tilburg – Library and IT Services • Postbus 90153, 5000 LE
Bezoekadres > Warandelaan 2 • Tel. 013 466 3035 • G 236 • http://www.uvt.nl

[Han Kim]

No errors in the Apache logs so I had the server admins add a mod_security exception to the simplesamlphp folders and bang it worked!  mod_security was suspect as often times when transmitting variables in the URL line such as in GET statements, etc. it causes issues and indeed this was the case due to the way simplesaml sends parameters to module.php  (https://<sp url>/simplesaml/module.php/saml/sp/saml2-acs.php/). 

Thanks for the reply! Hope this helps anyone else deploying to webhosts that utilize mod_security.