Skip to Content.
Sympa Menu

en - RE: [en@sympa] Issue with Shibboleth integration

Subject: The mailing list for listmasters using Sympa

List archive

Chronological Thread  
  • From: Jérôme SITZ <address@concealed>
  • To: IKEDA Soji <address@concealed>
  • Cc: "address@concealed" <address@concealed>
  • Subject: RE: [en@sympa] Issue with Shibboleth integration
  • Date: Mon, 19 Jun 2023 11:52:40 +0000

Dear Soji,

Many thanks for your help.
Your solution seems to work 😊.

Now I have another issue:
SAML response reported an IdP error.
Error from identity provider:
Status: urn:oasis:names:tc:SAML:2.0:status:Responder

But this one must be solved by our ADFS admins I suppose.

Many thanks again.
Best regards



-----Original Message-----
From: IKEDA Soji <address@concealed>
Sent: Monday, June 19, 2023 12:33 AM
To: Jérôme SITZ <address@concealed>
Cc: address@concealed
Subject: Re: [en@sympa] Issue with Shibboleth integration

Hi Jérôme,

On 2023/06/16 19:15, Jérôme SITZ wrote:
> Hello,
>
> I’m new to the Sympa application. Sympa web interface is running with
> local identification, but I have issues with the Shibboleth integration.
>
> Here my server configuration:
>
> OS: Debian 12
>
> Sympa: 6.2.70.
>
> MariaDB: 10.11.3
>
> Apache: 2.4.57-2 with mod_ssl
>
> Shibboleth: libapache2-mod-shib 3.4.1 + shibboleth-sp-utils
>
>
>
> Apache sympa.conf:
>
> --------------
>
> <IfModule mod_proxy_fcgi.c>
>
> Alias /static-sympa /usr/share/sympa/static_content
>
> <Directory /usr/share/sympa/static_content>
>
> Require all granted
>
> </Directory>
>
>
>
> Alias /css-sympa /var/lib/sympa/css
>
> <Directory /var/lib/sympa/css>
>
> Require all granted
>
> </Directory>
>
>
>
> Alias /pictures-sympa /var/lib/sympa/pictures
>
> <Directory /var/lib/sympa/pictures>
>
> Require all granted
>
> </Directory>
>
>
>
> <Location /wws>
>
> SetHandler "proxy:unix:/run/sympa/wwsympa.socket|fcgi://"
>
> Require all granted
>
> </Location>
>
> </IfModule>
>
> ---------------------
>
>
>
> Apache shib.conf:
>
> ----------------------
>
> ShibCompatValidUser Off
>
>
>
> <Location /Shibboleth.sso>
>
> AuthType None
>
> Require all granted
>
> </Location>
>
>
>
> <IfModule mod_alias.c>
>
> <Location /shibboleth-sp>
>
> AuthType None
>
> Require all granted
>
> </Location>
>
> Alias /shibboleth-sp/main.css /usr/share/shibboleth/main.css
>
> </IfModule>
>
> -------------------------
>
>
>
> Apache shib-sympa.conf:
>
> --------------------------
>
> <Location /wws/sso_login/xxx_sympa>
>
> AuthType shibboleth
>
> ShibRequestSetting requireSession true
>
> ShibRequestSetting applicationId app-sympa
>
> require shibboleth
>
> #require mail ~ @
>
> </Location>
>
> ---------------------------
<<snip>>

If redirection did not happen,there might be a problem with the access
control settings above.

I'm not sure, but I feel it'd be better to move the content of
shib-sympa.conf after "<location /wws>...</location>" in sympa.conf instead
of putting that content in the separate file.


Regards,
-- Soji


--
株式会社 コンバージョン
ITソリューション部 システムソリューション1グループ 池田荘児
e-mail address@concealed
https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.conversion.co.jp%2F&data=05%7C01%7Cjerome.sitz%40uni.lu%7Ce394490fe1b0460e050e08db704c08ed%7C445a9c950f9d49539db1bc4a45dd1220%7C0%7C0%7C638227244125836908%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=75CPOQOoJT9jUvbgcSc7TXrFsdwcCGC%2Bexim1Rn2h9g%3D&reserved=0

Attachment: smime.p7s
Description: S/MIME cryptographic signature




Archive powered by MHonArc 2.6.19+.

Top of Page