Shib SP endless loop

Wes Gray
I am trying to get my PHP app to authenticate with a Shibboleth IDP. I have this in my httpd.conf:

<Location />
  AuthType shibboleth
  ShibRequireSession On
  require valid-user
</Location>

My app is the only one running on this server, so I want everything under / secured.

If I try to access the server I get redirected to the IDP just fine. I enter my login/passwd and then it goes into an endless redirect loop. It looks like the IDP redirects to https://myserver/Shibboleth.sso/SAML2/POST but Apache intercepts it and decides it needs to be authenticated, so it redirects back to the IDP. Can anyone explain how this is supposed to work? How does Apache know that a user is authenticated and that it should pass through the request? Thanks!