The mailing list for listmasters using Sympa

[IKEDA Soji <address@concealed>]

Hi Jérôme,

On 2023/06/16 19:15, Jérôme SITZ wrote:
> Hello,
>
> I’m new to the Sympa application. Sympa web interface is running with local
> identification, but I have issues with the Shibboleth integration.
>
> Here my server configuration:
>
> OS: Debian 12
>
> Sympa: 6.2.70.
>
> MariaDB: 10.11.3
>
> Apache: 2.4.57-2 with mod_ssl
>
> Shibboleth: libapache2-mod-shib 3.4.1 + shibboleth-sp-utils
>
>   
>
> Apache sympa.conf:
>
> --------------
>
> <IfModule mod_proxy_fcgi.c>
>
>      Alias /static-sympa /usr/share/sympa/static_content
>
>      <Directory /usr/share/sympa/static_content>
>
>          Require all granted
>
>      </Directory>
>
>   
>
>      Alias /css-sympa /var/lib/sympa/css
>
>      <Directory /var/lib/sympa/css>
>
>          Require all granted
>
>      </Directory>
>
>   
>
>      Alias /pictures-sympa /var/lib/sympa/pictures
>
>      <Directory /var/lib/sympa/pictures>
>
>          Require all granted
>
>      </Directory>
>
>   
>
>      <Location /wws>
>
>         SetHandler "proxy:unix:/run/sympa/wwsympa.socket|fcgi://"
>
>         Require all granted
>
>      </Location>
>
> </IfModule>
>
> ---------------------
>
>   
>
> Apache shib.conf:
>
> ----------------------
>
> ShibCompatValidUser Off
>
>   
>
> <Location /Shibboleth.sso>
>
>    AuthType None
>
>    Require all granted
>
> </Location>
>
>   
>
> <IfModule mod_alias.c>
>
>    <Location /shibboleth-sp>
>
>      AuthType None
>
>      Require all granted
>
>    </Location>
>
>    Alias /shibboleth-sp/main.css /usr/share/shibboleth/main.css
>
> </IfModule>
>
> -------------------------
>
>   
>
> Apache shib-sympa.conf:
>
> --------------------------
>
> <Location /wws/sso_login/xxx_sympa>
>
>                  AuthType shibboleth
>
>                  ShibRequestSetting requireSession true
>
>                  ShibRequestSetting applicationId app-sympa
>
>                  require shibboleth
>
>                  #require mail ~ @
>
> </Location>
>
> ---------------------------
<<snip>>

If redirection did not happen,there might be a problem with the access
control settings above.

I'm not sure, but I feel it'd be better to move the content of
shib-sympa.conf after "<location /wws>...</location>" in sympa.conf
instead of putting that content in the separate file.


Regards,
-- Soji


--
株式会社 コンバージョン
ITソリューション部 システムソリューション1グループ 池田荘児
e-mail address@concealed
https://www.conversion.co.jp/