The mailing list for listmasters using Sympa

[Jérôme SITZ <address@concealed>]

Dear Soji,

Many thanks for your help.
Your solution seems to work 😊.

Now I have another issue: 
        SAML response reported an IdP error.
        Error from identity provider:
         Status: urn:oasis:names:tc:SAML:2.0:status:Responder

But this one must be solved by our ADFS admins I suppose.

Many thanks again.
Best regards



-----Original Message-----
From: IKEDA Soji <address@concealed> 
Sent: Monday, June 19, 2023 12:33 AM
To: Jérôme SITZ <address@concealed>
Cc: address@concealed
Subject: Re: [en@sympa] Issue with Shibboleth integration

Hi Jérôme,

On 2023/06/16 19:15, Jérôme SITZ wrote:
> Hello,
> 
> I’m new to the Sympa application. Sympa web interface is running with 
> local identification, but I have issues with the Shibboleth integration.
> 
> Here my server configuration:
> 
> OS: Debian 12
> 
> Sympa: 6.2.70.
> 
> MariaDB: 10.11.3
> 
> Apache: 2.4.57-2 with mod_ssl
> 
> Shibboleth: libapache2-mod-shib 3.4.1 + shibboleth-sp-utils
> 
>   
> 
> Apache sympa.conf:
> 
> --------------
> 
> <IfModule mod_proxy_fcgi.c>
> 
>      Alias /static-sympa /usr/share/sympa/static_content
> 
>      <Directory /usr/share/sympa/static_content>
> 
>          Require all granted
> 
>      </Directory>
> 
>   
> 
>      Alias /css-sympa /var/lib/sympa/css
> 
>      <Directory /var/lib/sympa/css>
> 
>          Require all granted
> 
>      </Directory>
> 
>   
> 
>      Alias /pictures-sympa /var/lib/sympa/pictures
> 
>      <Directory /var/lib/sympa/pictures>
> 
>          Require all granted
> 
>      </Directory>
> 
>   
> 
>      <Location /wws>
> 
>         SetHandler "proxy:unix:/run/sympa/wwsympa.socket|fcgi://"
> 
>         Require all granted
> 
>      </Location>
> 
> </IfModule>
> 
> ---------------------
> 
>   
> 
> Apache shib.conf:
> 
> ----------------------
> 
> ShibCompatValidUser Off
> 
>   
> 
> <Location /Shibboleth.sso>
> 
>    AuthType None
> 
>    Require all granted
> 
> </Location>
> 
>   
> 
> <IfModule mod_alias.c>
> 
>    <Location /shibboleth-sp>
> 
>      AuthType None
> 
>      Require all granted
> 
>    </Location>
> 
>    Alias /shibboleth-sp/main.css /usr/share/shibboleth/main.css
> 
> </IfModule>
> 
> -------------------------
> 
>   
> 
> Apache shib-sympa.conf:
> 
> --------------------------
> 
> <Location /wws/sso_login/xxx_sympa>
> 
>                  AuthType shibboleth
> 
>                  ShibRequestSetting requireSession true
> 
>                  ShibRequestSetting applicationId app-sympa
> 
>                  require shibboleth
> 
>                  #require mail ~ @
> 
> </Location>
> 
> ---------------------------
<<snip>>

If redirection did not happen,there might be a problem with the access 
control settings above.

I'm not sure, but I feel it'd be better to move the content of 
shib-sympa.conf after "<location /wws>...</location>" in sympa.conf instead 
of putting that content in the separate file.


Regards,
-- Soji


--
株式会社 コンバージョン
ITソリューション部 システムソリューション1グループ 池田荘児
e-mail address@concealed
https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.conversion.co.jp%2F&data=05%7C01%7Cjerome.sitz%40uni.lu%7Ce394490fe1b0460e050e08db704c08ed%7C445a9c950f9d49539db1bc4a45dd1220%7C0%7C0%7C638227244125836908%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=75CPOQOoJT9jUvbgcSc7TXrFsdwcCGC%2Bexim1Rn2h9g%3D&reserved=0

Attachment: smime.p7s
Description: S/MIME cryptographic signature