Oh criminy. Yep, that's what I did. Thanks.
Sigh. On Tue, Oct 16, 2012 at 02:52:27PM -0400, Josh Thompson wrote: > Did you require Shib authentication on the vcl directory? You should not > require it there, but on the vcl/shibauth directory instead. > > Josh > > On Tuesday, October 16, 2012 12:33:07 PM Michael Jinks wrote: > > Well I don't know why it took me so long to notice this. > > > > We use Shibboleth to provide authN for our VCL web interfaces, and > > during debugging we sometimes switch it off to make it easier to get at > > the local admin account. I've just realized that this has been > > contributing to our block allocation problems. When Shib is disabled, > > bock allocations are working. But when it's switched back on, the > > vclsystem account is intercepted by Apache's Shib module and never has > > a chance to talk to the real web interface. > > > > I figure this must have come up elsewhere; how are other sites working > > around this issue? > > > > We have a project on our timeline to put in a back door for admin > > access to VCL, bypassing Shib, but we haven't started work on it yet > > and I don't know if the XML/RPC interface will pose its own issues > > separate from what we'll need to deal with for browser access. > > > > Thanks as always, > > --Michael > -- > ------------------------------- > Josh Thompson > Systems Programmer > Advanced Computing | VCL Developer > North Carolina State University > > [email protected] > 919-515-5323 > > my GPG/PGP key can be found at pgp.mit.edu > > All electronic mail messages in connection with State business which > are sent to or received by this account are subject to the NC Public > Records Law and may be disclosed to third parties. -- Michael Jinks :: [email protected] University of Chicago IT Services
