Resolving /Shibboleth.sso/Metadata

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

Resolving /Shibboleth.sso/Metadata

j_shb
I've reviewed the other threads, but can't find anything that works. When I
attempt to access /Shibboleth.sso/Metadata, it appears my request is handled
by Apache (returning a 404) instead of Shibboleth (although I had it working
at one point!). Left it alone for a few weeks, installed an SSL certificate,
and now it's broken.

I've reinstalled (`yum remove shibboleth` and `yum install shibboleth`) with
no success.


Versions:

shibboleth 2.6.1

Server version: Apache/2.4.6 (CentOS)
Server built:   Apr 20 2018 18:10:38


`shibd -t` returns:

2018-06-08 20:36:17 CRIT XMLTooling.Config : libcurl lacks OpenSSL-specific
options, this will greatly limit functionality
2018-06-08 20:36:17 ERROR OpenSSL : error code: 33558541 in bss_file.c, line
402
2018-06-08 20:36:17 ERROR OpenSSL : error data:
fopen('/etc/shibboleth/sp-key.pem','r')
2018-06-08 20:36:17 ERROR OpenSSL : error code: 537346050 in bss_file.c,
line 404
2018-06-08 20:36:17 CRIT Shibboleth.Application : error building
CredentialResolver: Unable to load private key from file
(/etc/shibboleth/sp-key.pem).
overall configuration is loadable, check console for non-fatal problems


I've checked to ensure my keys have the correct owner and permissions,
though.

Thanks for any direction you can give me.



--
Sent from: http://shibboleth.1660669.n2.nabble.com/Shibboleth-Users-f1660767.html
--
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: Resolving /Shibboleth.sso/Metadata

j_shb
Never mind. It wasn’t an issue with Shibboleth, but with some .htaccess directives getting in the way.

In my Laravel app, `mod_rewrite` rules were preventing the request from reaching `mod_shib`.

After hours of searching, I discover the solution minutes after asking for help. Isn’t that the way?



> On Jun 8, 2018, at 4:39 PM, j_shb <[hidden email]> wrote:
>
> I've reviewed the other threads, but can't find anything that works. When I
> attempt to access /Shibboleth.sso/Metadata, it appears my request is handled
> by Apache (returning a 404) instead of Shibboleth (although I had it working
> at one point!). Left it alone for a few weeks, installed an SSL certificate,
> and now it's broken.
>
> I've reinstalled (`yum remove shibboleth` and `yum install shibboleth`) with
> no success.
>
>
> Versions:
>
> shibboleth 2.6.1
>
> Server version: Apache/2.4.6 (CentOS)
> Server built:   Apr 20 2018 18:10:38
>
>
> `shibd -t` returns:
>
> 2018-06-08 20:36:17 CRIT XMLTooling.Config : libcurl lacks OpenSSL-specific
> options, this will greatly limit functionality
> 2018-06-08 20:36:17 ERROR OpenSSL : error code: 33558541 in bss_file.c, line
> 402
> 2018-06-08 20:36:17 ERROR OpenSSL : error data:
> fopen('/etc/shibboleth/sp-key.pem','r')
> 2018-06-08 20:36:17 ERROR OpenSSL : error code: 537346050 in bss_file.c,
> line 404
> 2018-06-08 20:36:17 CRIT Shibboleth.Application : error building
> CredentialResolver: Unable to load private key from file
> (/etc/shibboleth/sp-key.pem).
> overall configuration is loadable, check console for non-fatal problems
>
>
> I've checked to ensure my keys have the correct owner and permissions,
> though.
>
> Thanks for any direction you can give me.
>
>
>
> --
> Sent from: http://shibboleth.1660669.n2.nabble.com/Shibboleth-Users-f1660767.html
> --
> For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
> To unsubscribe from this list send an email to [hidden email]

--
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: Resolving /Shibboleth.sso/Metadata

Peter Schober
* Joshua Bryant <[hidden email]> [2018-06-08 23:58]:
> Never mind. It wasn’t an issue with Shibboleth, but with some
> .htaccess directives getting in the way.

I doubt this could possibly cause the error:

  CredentialResolver: Unable to load private key from file (/etc/shibboleth/sp-key.pem).

but glad you got it working anyway.
-peter
--
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to [hidden email]