
en - Re: [sympa-users] Sympa and Shibboleth3?

Subject: The mailing list for listmasters using Sympa

  • From: Rhian Resnick <address@concealed>
  • To: "Mail administrator, Otto Makela" <address@concealed>, "address@concealed" <address@concealed>
  • Subject: Re: [sympa-users] Sympa and Shibboleth3?
  • Date: Thu, 17 Feb 2022 14:11:37 +0000

I believe our Sympa instance is running with Shibboleth and EL8.

Hints from my experience (if you looked at these, just ignore):

1. You need to expose the email attribute in
/etc/shibboleth/attribute-mapper.xml, then restart shibd and httpd.
2. Make sure to note that the email attribute is usually called "mail".
3. Make sure you are receiving the mail attribute from the IDP by checking
the IDP server's log (admins can confirm), and the SP server log in
/var/log/shib/shibd.log (sp).
4. Use PHP and/or something similar to run <?php phpinfo() ?> and make sure
your httpd server is seeing the Shibboleth authentication.
5. If none of that works, reach out to the Shibboleth users mailing list.
Scott and team are really good at assisting and pointing out issues.
6. Verify the name of the attribute Sympa is looking for is "mail", not
"email".


Thanks!

Rhian Resnick
Associate Director of Research Computing, Enterprise Systems
Office of Information Technology
Florida Atlantic University
address@concealed

On 2/17/22, 9:01 AM, "address@concealed on behalf of
Mail administrator, Otto Makela" <address@concealed on
behalf of address@concealed> wrote:

I've gotten Sympa to work pretty well under RHEL 8, except for one
rather critical thing: our corporate-wide single sign-on, implemented
via Shibboleth.

My problem is, RHEL 8 comes with shibboleth-3.2.3-3.1 which I've
configured and tested to work with the httpd I have on the machine.
However, when I try to use Shibboleth with Sympa, it seems Sympa
does not react properly to the authentication process responses,
and the result is that Sympa gives the error popup

INTERNAL SERVER ERROR (sso_login) - Failed to get your email
address from the authentication service.

All the Sympa/Shibboleth documentation seems to be from quite many
years ago, when Shibboleth was version 2. Just to avoid getting
committed to an insane asylum later on, does Sympa properly
understand Shibboleth3? Does someone here currently use it?

--
address@concealed (Mail Administrator, Otto J. Makela)
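
Hints 1, 2 and 6 in the reply above amount to one consistency condition: the attribute name Sympa reads must be an `id` that the Shibboleth SP attribute map actually exports. The following check is an added example, not part of either message and not Sympa or Shibboleth code. It assumes Sympa's `auth.conf` uses a `generic_sso` paragraph with `email_http_header` and that mod_shib exposes each attribute under its map `id`; both sample configurations are constructed.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample SP attribute map: "eppn" is exported, while the
# mail attribute is still commented out (so it never reaches httpd).
SAMPLE_MAP = """<Attributes xmlns="urn:mace:shibboleth:2.0:attribute-map">
  <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6" id="eppn"/>
  <!-- <Attribute name="urn:oid:0.9.2342.19200300.100.1.3" id="mail"/> -->
</Attributes>"""

# Constructed sample Sympa auth.conf with one generic_sso paragraph.
SAMPLE_AUTH = """generic_sso
  service_name  Example SSO
  service_id    example
  email_http_header  email

user_table
"""

def mapped_ids(map_xml):
    """Attribute ids the SP exports; XML comments are ignored by the parser."""
    root = ET.fromstring(map_xml)
    return {el.get("id") for el in root.iter()
            if el.tag.split("}")[-1] == "Attribute" and el.get("id")}

def sso_email_headers(auth_conf):
    """Map service_id -> email_http_header for each generic_sso paragraph."""
    found = {}
    for para in re.split(r"\n\s*\n", auth_conf):
        lines = [l.strip() for l in para.splitlines()
                 if l.strip() and not l.strip().startswith("#")]
        if not lines or lines[0] != "generic_sso":
            continue
        params = dict(p for p in (l.split(None, 1) for l in lines[1:]) if len(p) == 2)
        if "email_http_header" in params:
            found[params.get("service_id", "?")] = params["email_http_header"]
    return found

def check(map_xml, auth_conf):
    """List every SSO service whose email header is not exported by the map."""
    ids = mapped_ids(map_xml)
    return [f"{svc}: email_http_header '{hdr}' not in attribute map ids {sorted(ids)}"
            for svc, hdr in sso_email_headers(auth_conf).items() if hdr not in ids]

if __name__ == "__main__":
    for problem in check(SAMPLE_MAP, SAMPLE_AUTH):
        print(problem)
```

A clean result only shows the two files agree; whether the IdP releases the attribute still has to be confirmed in the logs, as hint 3 says.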




