Subject: The mailing list for listmasters using Sympa
List archive
Re: [en@sympa] New Sympa build is unable to process Shibboleth SSO session from OKTA
- From: IKEDA Soji <address@concealed>
- To: Mickey Bowling <address@concealed>
- Cc: "address@concealed" <address@concealed>
- Subject: Re: [en@sympa] New Sympa build is unable to process Shibboleth SSO session from OKTA
- Date: Tue, 13 Aug 2024 10:04:52 +0900
Hi Mickey,
At first, for Sympa configuration, at least the following document should
have been read:
https://www.sympa.community/manual/customize/shibboleth.html
For OKTA and Shibboleth SP, also please read the documents provided by each.
> 2024/08/09 2:23、Mickey Bowling <address@concealed>のメール:
>
> Our environment:
>
> OS: Amazon Linux 2
> Sympa 6.2.72
> Apache 2.4.61
> Shibboleth 3.4.1
>
> We are using Shibboleth as the SP for Sympa application. Our IDP is OKTA.
> I have configured the Sympa OKTA application and Shibboleth to work using
> SAML2.
How you have configured them? Please provide specific details of
configuration for OKTA, Shibboleth SP, Apache HTTP Server and Sympa. Please
be specific — not just writing "I set it up exactly as the documents say”.
> At the moment I am able to initiate SP authentication (via a login button
> on Sympa) which takes me to OKTA to authenticate, then pass back over to
> Sympa and ends up on the home page, but not as the authenticated user.
Please provide content of system logs for the software components above,
_from when_ you clicked the login button _to when_ the home page was shown.
Sensitive information may be masked.
> I have also tried protecting the entire Sympa page by adding that as a
> protected directory. Doing so redirects me to OKTA when I land on the
> Sympa page. From there I am able to authenticate and it brings me back to
> Sympa landing page, but not as the authenticated user, but rather a non
> user. If a user is not assigned the application in OKTA, then they
> immediately get a notification that they are not assigned the application.
Please show the modified configuration for coresponding components and the
logs in the same period as above.
> Does this mean that Shibboleth is getting a valid session from OKTA and
> Sympa doesn't know how to process this session?
As the document shown at first says, Sympa should be provided user email
address as user information. How have you configured to get these
information?
Regards,
— Soji
-
[en@sympa] New Sympa build is unable to process Shibboleth SSO session from OKTA,
Mickey Bowling, 08/08/2024
- Re: [en@sympa] New Sympa build is unable to process Shibboleth SSO session from OKTA, Mickey Bowling, 08/12/2024
-
Re: [en@sympa] New Sympa build is unable to process Shibboleth SSO session from OKTA,
IKEDA Soji, 08/13/2024
-
Re: [en@sympa] New Sympa build is unable to process Shibboleth SSO session from OKTA,
Mickey Bowling, 08/13/2024
-
Re: [en@sympa] New Sympa build is unable to process Shibboleth SSO session from OKTA,
IKEDA Soji, 08/14/2024
-
Re: [en@sympa] New Sympa build is unable to process Shibboleth SSO session from OKTA,
Mickey Bowling, 08/14/2024
-
Re: [en@sympa] New Sympa build is unable to process Shibboleth SSO session from OKTA,
IKEDA Soji, 08/16/2024
- [en@sympa] unsubscrbe!, Frank Spade, 08/17/2024
-
Re: [en@sympa] New Sympa build is unable to process Shibboleth SSO session from OKTA,
IKEDA Soji, 08/16/2024
-
Re: [en@sympa] New Sympa build is unable to process Shibboleth SSO session from OKTA,
Mickey Bowling, 08/14/2024
-
Re: [en@sympa] New Sympa build is unable to process Shibboleth SSO session from OKTA,
IKEDA Soji, 08/14/2024
-
Re: [en@sympa] New Sympa build is unable to process Shibboleth SSO session from OKTA,
Mickey Bowling, 08/13/2024
Archive powered by MHonArc 2.6.19+.