I'm trying to get Shibboleth to work with a new DSpace 6 installation on Centos 7 running Apache 2.4. I have both password and Shibboleth authentication enabled. This gives me the opportunity to hover over the Shibboleth login link. The link shows this URL:
https://rc.library.ourschool.edu/Shibboleth.sso/Login?target=https%3A%2F%2Frc.library.ourschool.edu%3A8080%2F%2Futa-ir%2Fshibboleth-login or, with all the placeholders exchanged: https://rc.library.ourschool.edu/Shibboleth.sso/Login?target=https://rc.library.ourschool.edu:8080//ourschool-ir/shibboleth-login When I click the link, our standard Shibboleth login box appears. I enter credentials and then I get the error message: "*No peer endpoint available to which to send SAML response*" The fellow who maintains the Identity Provider says it logs the AssertionConsumerServiceURL as: *https://rc.library.ourschool.edu:8080/Shibboleth.sso/SAML2/POST* <https://rc.library.ourschool.edu:8080/Shibboleth.sso/SAML2/POST> Putting two and two together, it seems the IdP can't contact the SP because it's trying to hit port 8080. Since I have Apache doing reverse proxy, the IdP needs to hit the base URL, but I can't find a way to change it. Here are the relevant lines from the Apache main config: # Send requests for / to /ourschool-ir RedirectMatch ^/$ /ourschool-ir # Redirect http to https Redirect permanent /ourschool-ir https://rc.library.ourschool.edu/ourschool-ir And from the Apache virtual server config: <Location /> # Configure Shibboleth for "lazy" authentication AuthType shibboleth ShibUseHeaders on Require shibboleth </Location> <Location /Shibboleth.sso> # Suggested by DSpace docs ProxyPass ! SetHandler shib </Location> ProxyPass /ourschool-ir http://rc.library.ourschool.edu:8080/ourschool-ir ProxyPassReverse /ourschool-ir http://rc.library.ourschool.edu:8080/ourschool-ir </VirtualHost> Any clues greatly appreciated. Glenn -- You received this message because you are subscribed to the Google Groups "DSpace Technical Support" group. To unsubscribe from this group and stop receiving emails from it, send an email to dspace-tech+unsubscr...@googlegroups.com. To post to this group, send email to dspace-tech@googlegroups.com. Visit this group at https://groups.google.com/group/dspace-tech. For more options, visit https://groups.google.com/d/optout.
